[Freeipa-devel] [PATCH] 1 Add ipa-adtrust-install utility

Simo Sorce simo at redhat.com
Mon Sep 12 21:24:38 UTC 2011


On Mon, 2011-09-12 at 17:53 +0200, Sumit Bose wrote:
[..]
> > 
> I can now run 'smbclient -k -L' on my test system wit hthe recent samba
> patch.

Sorry a couple more nitpicks.

Trying to reinstall ipa-adtrust-install it returned immediately with 
"Aborting Installation" and no explanation whatsoever. Turned out it saw
there was the IPA autogenerated text in smb.conf and decided to get out.

- 2 issues here:
1) no information (I had to check the code to see what reported that
error message), so we need a reason nif we abort.
2) In interactive mode we should ask if we want to proceed anyway I
think (to make it simpler to test it on an already enabled tree), but
can be convinced it is safer to just abort.


- Once I fixed that by removing smb.conf and all tdbs to be sure, it
failed because smb.conf was not found, we should not require to find it
if we are going to wipe it anyway. If it is not there we should just go
on and create one.


- Then it correctly detected the samba sysaccount user existed and
decided not to reset the password. Not sure why, if we proceeed and
reset the password in both ldap and secrets.tdb we are sure they are the
same, if we don't we just risk having no password (I wiped out
secrets.tdb and running ipa-adtruct-install again is the fastest way to
get that restered). I think you should always reset that password.


- The installation also failed because the service entry under the
master entry already existed. We should probably ignore and proceed, in
case of existing object. Not fail.


Except for these points I had to set SELinux in permissive mode in order
to run the epmd, we need to track SELinux changes in a ticket I think.

I wasn't able to test smbclient -k yes due to another bug in smbd but
the install seem fine so far, and I was able to get a ticket for cifs/
w/o any issue, and auth seemed to work.

So if the nitpicks above get fixed it should be the last revision.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York




More information about the Freeipa-devel mailing list