[Freeipa-devel] [Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."
Rob Crittenden
rcritten at redhat.com
Mon Jan 7 16:47:19 UTC 2013
Petr Viktorin wrote:
> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>> hi,
>>
>> on a workstation *not* joined to the IPA domain but with the the ipa
>> admin tools installed I get this error when trying to modify dns
>> settings and I have a kerberos ticket of an admin user:
>>
>> $ kinit user.admin at UNIX.DOMAIN.TLD
>> Password for user.admin at UNIX.DOMAIN.TLD
>> $ klist
>> Ticket cache: FILE:/tmp/krb5cc_500
>> Default principal: user.admin at UNIX.DOMAIN.TLD
>>
>> Valid starting Expires Service principal
>> 01/07/13 10:47:09 01/08/13 10:47:06
>> krbtgt/UNIX.DOMAIN.TLD at UNIX.DOMAIN.TLD
>> renew until 01/14/13 10:47:06
>>
>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>
>> Is this 'by design'? This limitation on the cli tool does not apply to
>> the web interface, by the way, that is, I can login the web interface
>> without being joined to the domain and modify all kind of stuff there
>> ;-).
>>
>> To be more specific: this is not a problem, I can run this command on
>> a joined host, but I was just curious.
>>
>
>
> I think the check we're making here (at least one directive has to be
> read from a config file) is rather limiting. I'd expect the following to
> work:
>
> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod
> example.com ipa --ttl=300
>
The reason is you get a really crappy error if you try to run the tool
on an unconfigured machine without cleverly passing in the URI via -e.
rob
More information about the Freeipa-devel
mailing list