On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden <rcrit...@redhat.com> wrote:
>
> Mauricio Tavares via FreeIPA-users wrote:
> > So I am trying to add the first ipa client to my test environment. If
> > I am running ipa-client-install as a root, why is it barking that
> >
> > nisdomainname: you must be root to change the domain name
> >
> > [root@idm-client1 /]# ipa-client-install --domain example.test
> > --no-ntp --mkhomedir
> > This program will set up IPA client.
> > Version 4.9.12
> >
> > Discovery was successful!
> > Client hostname: idm-client1.example.test
> > Realm: EXAMPLE.TEST
> > DNS Domain: example.test
> > IPA Server: idm01.example.test
> > BaseDN: dc=example,dc=test
> >
> > Continue to configure the system with these values? [no]: yes
> > Continue to configure the system with these values? [no]: yes
> > Skipping chrony configuration
> > User authorized to enroll computers: admin
> > Password for ad...@example.test:
> > Successfully retrieved CA cert
> > Subject: CN=Certificate Authority,O=EXAMPLE.TEST
> > Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
> > Valid From: 2024-02-07 15:25:44
> > Valid Until: 2044-02-07 15:25:44
> >
> > Enrolled in IPA realm EXAMPLE.TEST
> > Created /etc/ipa/default.conf
> > Configured /etc/sssd/sssd.conf
> > Systemwide CA database updated.
> > SSSD enabled
> > Configured /etc/openldap/ldap.conf
> > /etc/ssh/ssh_config not found, skipping configuration
> > /etc/ssh/sshd_config not found, skipping configuration
> > Configuring example.test as NIS domain.
> > CalledProcessError(Command ['/bin/systemctl', 'restart',
> > 'nis-domainname.service'] returned non-zero exit status 1: 'Job for
> > nis-domainname.service failed because the control process exited with
> > error code.\nSee "systemctl status nis-domainname.service" and
> > "journalctl -xe" for details.\n')
> > The ipa-client-install command failed. See
> > /var/log/ipaclient-install.log for more information
> > [root@idm-client1 /]#
> >
> > [root@idm-client1 /]# systemctl status nis-domainname.service --full
> > --no-pager
> > ● nis-domainname.service - Read and set NIS domainname from
> > /etc/sysconfig/network
> > Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
> > enabled; vendor preset: enabled)
> > Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
> > UTC; 2min 24s ago
> > Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
> > (code=exited, status=1/FAILURE)
> > Main PID: 300 (code=exited, status=1/FAILURE)
> >
> > Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
> > set NIS domainname from /etc/sysconfig/network...
> > Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
> > nisdomainname: you must be root to change the domain name
> > Feb 12 21:26:58 idm-client1.example.test systemd[1]:
> > nis-domainname.service: Main process exited, code=exited,
> > status=1/FAILURE
> > Feb 12 21:26:58 idm-client1.example.test systemd[1]:
> > nis-domainname.service: Failed with result 'exit-code'.
> > Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
> > Read and set NIS domainname from /etc/sysconfig/network.
> > [root@idm-client1 /]#
>
> Looks like this message appears on any EPERM failure [1]. Are you
> running in a container? Any SELinux errors?
Right you are: running in container. SELinux currently disabled in host.
>
> rob
>
> [1] https://github.com/giftnuss/net-tools/blob/master/hostname.c#L75
>
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
