On Tue, Feb 13, 2024 at 5:43 PM Rob Crittenden <rcrit...@redhat.com> wrote: > > Mauricio Tavares via FreeIPA-users wrote: > > On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden <rcrit...@redhat.com> wrote: > >> > >> Mauricio Tavares via FreeIPA-users wrote: > >>> So I am trying to add the first ipa client to my test environment. If > >>> I am running ipa-client-install as a root, why is it barking that > >>> > >>> nisdomainname: you must be root to change the domain name > >>> > >>> [root@idm-client1 /]# ipa-client-install --domain example.test > >>> --no-ntp --mkhomedir > >>> This program will set up IPA client. > >>> Version 4.9.12 > >>> > >>> Discovery was successful! > >>> Client hostname: idm-client1.example.test > >>> Realm: EXAMPLE.TEST > >>> DNS Domain: example.test > >>> IPA Server: idm01.example.test > >>> BaseDN: dc=example,dc=test > >>> > >>> Continue to configure the system with these values? [no]: yes > >>> Continue to configure the system with these values? [no]: yes > >>> Skipping chrony configuration > >>> User authorized to enroll computers: admin > >>> Password for ad...@example.test: > >>> Successfully retrieved CA cert > >>> Subject: CN=Certificate Authority,O=EXAMPLE.TEST > >>> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST > >>> Valid From: 2024-02-07 15:25:44 > >>> Valid Until: 2044-02-07 15:25:44 > >>> > >>> Enrolled in IPA realm EXAMPLE.TEST > >>> Created /etc/ipa/default.conf > >>> Configured /etc/sssd/sssd.conf > >>> Systemwide CA database updated. > >>> SSSD enabled > >>> Configured /etc/openldap/ldap.conf > >>> /etc/ssh/ssh_config not found, skipping configuration > >>> /etc/ssh/sshd_config not found, skipping configuration > >>> Configuring example.test as NIS domain. > >>> CalledProcessError(Command ['/bin/systemctl', 'restart', > >>> 'nis-domainname.service'] returned non-zero exit status 1: 'Job for > >>> nis-domainname.service failed because the control process exited with > >>> error code.\nSee "systemctl status nis-domainname.service" and > >>> "journalctl -xe" for details.\n') > >>> The ipa-client-install command failed. See > >>> /var/log/ipaclient-install.log for more information > >>> [root@idm-client1 /]# > >>> > >>> [root@idm-client1 /]# systemctl status nis-domainname.service --full > >>> --no-pager > >>> ● nis-domainname.service - Read and set NIS domainname from > >>> /etc/sysconfig/network > >>> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service; > >>> enabled; vendor preset: enabled) > >>> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58 > >>> UTC; 2min 24s ago > >>> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname > >>> (code=exited, status=1/FAILURE) > >>> Main PID: 300 (code=exited, status=1/FAILURE) > >>> > >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and > >>> set NIS domainname from /etc/sysconfig/network... > >>> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]: > >>> nisdomainname: you must be root to change the domain name > >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: > >>> nis-domainname.service: Main process exited, code=exited, > >>> status=1/FAILURE > >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: > >>> nis-domainname.service: Failed with result 'exit-code'. > >>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start > >>> Read and set NIS domainname from /etc/sysconfig/network. > >>> [root@idm-client1 /]# > >> > >> Looks like this message appears on any EPERM failure [1]. Are you > >> running in a container? Any SELinux errors? > > > > Right you are: running in container. SELinux currently disabled in > > host. > > You could try --no-nisdomain > > Or a more complex approach like the server container does, > https://github.com/freeipa/freeipa-container/blob/master/hostnamectl-wrapper > > rob > ----no-nisdomain worked for me. Thanks! I will also check the server container approach; there are things there I would like to use anyway. -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Freeipa-users] Re: ipa client install as root but am told I need to be root
Mauricio Tavares via FreeIPA-users Thu, 22 Feb 2024 02:48:33 -0800
- [Freeipa-users] ipa client install as r... Mauricio Tavares via FreeIPA-users
- [Freeipa-users] Re: ipa client ins... Rob Crittenden via FreeIPA-users
- [Freeipa-users] Re: ipa client... Mauricio Tavares via FreeIPA-users
- [Freeipa-users] Re: ipa cl... Rob Crittenden via FreeIPA-users
- [Freeipa-users] Re: ip... Mauricio Tavares via FreeIPA-users
