[Freeipa-devel] [Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."

Tue Jan 8 07:44:43 UTC 2013

On 7.1.2013 17:47, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>>> hi,
>>>
>>> on a workstation *not* joined to the IPA domain but with the the ipa
>>> admin tools installed I get this error when trying to modify dns
>>> settings and I have a kerberos ticket of an admin user:
>>>
>>> $ kinit user.admin at UNIX.DOMAIN.TLD
>>> Password for user.admin at UNIX.DOMAIN.TLD
>>> $ klist
>>> Ticket cache: FILE:/tmp/krb5cc_500
>>> Default principal: user.admin at UNIX.DOMAIN.TLD
>>>
>>> Valid starting     Expires            Service principal
>>> 01/07/13 10:47:09  01/08/13 10:47:06
>>> krbtgt/UNIX.DOMAIN.TLD at UNIX.DOMAIN.TLD
>>>     renew until 01/14/13 10:47:06
>>>
>>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>>
>>> Is this 'by design'? This limitation on the cli tool does not apply to
>>> the web interface, by the way, that is, I can login the web interface
>>> without being joined to the domain and modify all kind of stuff there
>>> ;-).
>>>
>>> To be more specific: this is not a problem, I can run this command on
>>> a joined host, but I was just curious.
>>>
>>
>>
>> I think the check we're making here (at least one directive has to be
>> read from a config file) is rather limiting. I'd expect the following to
>> work:
>>
>> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod
>> example.com ipa --ttl=300
>>
>
> The reason is you get a really crappy error if you try to run the tool on an
> unconfigured machine without cleverly passing in the URI via -e.

IMHO the error message could be much clearer:
IPA client is not configured on this machine. Configure xmlrpc_uri in 
~/.ipa/default.conf or add "-e xmlrpc_uri=" parameter before using IPA admin 
tools.

Something like that ...

-- 
Petr^2 Spacek