[Freeipa-devel] [Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."
Rob Crittenden
rcritten at redhat.com
Tue Jan 8 14:49:41 UTC 2013
Petr Spacek wrote:
> On 7.1.2013 17:47, Rob Crittenden wrote:
>> Petr Viktorin wrote:
>>> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>>>> hi,
>>>>
>>>> on a workstation *not* joined to the IPA domain but with the the ipa
>>>> admin tools installed I get this error when trying to modify dns
>>>> settings and I have a kerberos ticket of an admin user:
>>>>
>>>> $ kinit user.admin at UNIX.DOMAIN.TLD
>>>> Password for user.admin at UNIX.DOMAIN.TLD
>>>> $ klist
>>>> Ticket cache: FILE:/tmp/krb5cc_500
>>>> Default principal: user.admin at UNIX.DOMAIN.TLD
>>>>
>>>> Valid starting Expires Service principal
>>>> 01/07/13 10:47:09 01/08/13 10:47:06
>>>> krbtgt/UNIX.DOMAIN.TLD at UNIX.DOMAIN.TLD
>>>> renew until 01/14/13 10:47:06
>>>>
>>>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>>>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>>>
>>>> Is this 'by design'? This limitation on the cli tool does not apply to
>>>> the web interface, by the way, that is, I can login the web interface
>>>> without being joined to the domain and modify all kind of stuff there
>>>> ;-).
>>>>
>>>> To be more specific: this is not a problem, I can run this command on
>>>> a joined host, but I was just curious.
>>>>
>>>
>>>
>>> I think the check we're making here (at least one directive has to be
>>> read from a config file) is rather limiting. I'd expect the following to
>>> work:
>>>
>>> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod
>>> example.com ipa --ttl=300
>>>
>>
>> The reason is you get a really crappy error if you try to run the tool
>> on an
>> unconfigured machine without cleverly passing in the URI via -e.
>
> IMHO the error message could be much clearer:
> IPA client is not configured on this machine. Configure xmlrpc_uri in
> ~/.ipa/default.conf or add "-e xmlrpc_uri=" parameter before using IPA
> admin tools.
>
> Something like that ...
>
I think I'd prefer to write a note on the wiki on how to manually
minimally configure a host to use the ipa tool. This is the first time
this has come up on the list, so it isn't a particularly hot issue.
rob
More information about the Freeipa-devel
mailing list