freeipa.git/ipa-client/ipa-install, branch hbactest FreeIPA project Make ipa-client-install error messages more understandable and relevant. 2011-07-20T00:41:54+00:00 Rob Crittenden rcritten@redhat.com 2011-07-06T14:30:24+00:00 02df85bb2e1e5142285b185803a118f4430dbe1f * Check remote LDAP server to see if it is a V2 server * Replace numeric return values with alphanumeric constants * Display the error message from the ipa-enrollment extended op * Remove generic join failed error message when XML-RPC fails * Don't display Certificate subject base when enrollment fails * Return proper error message when LDAP bind fails https://fedorahosted.org/freeipa/ticket/1417 
* Check remote LDAP server to see if it is a V2 server
* Replace numeric return values with alphanumeric constants
* Display the error message from the ipa-enrollment extended op
* Remove generic join failed error message when XML-RPC fails
* Don't display Certificate subject base when enrollment fails
* Return proper error message when LDAP bind fails

https://fedorahosted.org/freeipa/ticket/1417
Fix sssd.conf to always have IPA certificate for the domain. 2011-07-18T23:42:04+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-07-19T13:07:05+00:00 1b4aaf5756b490f5cacb89b4010d0d0803bfbf3d Fixes https://fedorahosted.org/freeipa/ticket/1476 SSSD will need TLS for checking if ipaMigrationEnabled attribute is set Note that SSSD will force StartTLS because the channel is later used for authentication as well if password migration is enabled. Thus set the option unconditionally. 
Fixes https://fedorahosted.org/freeipa/ticket/1476

SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
Note that SSSD will force StartTLS because the channel is later used for
authentication as well if password migration is enabled. Thus set the option
unconditionally.
Change client enrollment principal prompt to hopefully be clearer. 2011-07-19T06:43:45+00:00 Rob Crittenden rcritten@redhat.com 2011-07-19T02:46:44+00:00 ba1575772c076f59e5b836ede90e43790522785a ticket https://fedorahosted.org/freeipa/ticket/1449 
ticket https://fedorahosted.org/freeipa/ticket/1449
Rearrange logging for NSCD daemon. 2011-07-18T12:03:09+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-07-01T08:11:38+00:00 824ec7e3a2330f63964f6f5335fb63f8b2c94096 https://fedorahosted.org/freeipa/ticket/1373 When SSSD is in use, we actually trying to disable NSCD daemon. Telling that we failed to configure automatic _startup_ of the NSCD is wrong then. 
https://fedorahosted.org/freeipa/ticket/1373

When SSSD is in use, we actually trying to disable NSCD daemon. Telling
that we failed to configure automatic _startup_ of the NSCD is wrong then.
Configure SSSD to store user password if offline. 2011-07-14T23:26:25+00:00 Jan Cholasta jcholast@redhat.com 2011-06-28T12:19:51+00:00 1c5028c17df9dc903a6db2712738670c3534246f ticket 1359 
ticket 1359
Remove redundant configuration values from krb5.conf. 2011-06-28T05:10:06+00:00 Jan Cholasta jcholast@redhat.com 2011-06-27T12:31:16+00:00 f05141e6468ce972b9c0d9707a4d640fe40da2b7 ticket 1358 
ticket 1358
On a master configure sssd to only talk to the local master. 2011-06-21T14:07:06+00:00 Rob Crittenden rcritten@redhat.com 2011-06-20T19:39:25+00:00 d0af8b28d7552b301d5d2c1af93ed1604dc5df8f Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down the local one will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187 
Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote master
goes down the local one will have problems as well.

ticket https://fedorahosted.org/freeipa/ticket/1187
Fix support for nss-pam-ldapd 2011-06-08T08:00:27+00:00 Martin Kosek mkosek@redhat.com 2011-05-18T15:06:15+00:00 e7731244749028b11d89e8ac745a5d16f7d470e2 Client installation with --no-sssd option was broken if the client was based on a nss-pam-ldap instead of nss_ldap. The main issue is with authconfig rewriting the nslcd.conf after it has been configured by ipa-client-install. This has been fixed by changing an order of installation steps. Additionally, nslcd daemon needed for nss-pam-ldap function is correctly started. https://fedorahosted.org/freeipa/ticket/1235 
Client installation with --no-sssd option was broken if the client
was based on a nss-pam-ldap instead of nss_ldap. The main issue is
with authconfig rewriting the nslcd.conf after it has been
configured by ipa-client-install.

This has been fixed by changing an order of installation steps.
Additionally, nslcd daemon needed for nss-pam-ldap function is
correctly started.

https://fedorahosted.org/freeipa/ticket/1235
Properly configure nsswitch.conf when using the --no-sssd option. 2011-05-18T11:19:06+00:00 Rob Crittenden rcritten@redhat.com 2011-04-21T19:55:17+00:00 7a867102c5c01c8c3c76dbf0147647f2f2f648f6 Even with --no-sssd authconfig was setting nsswitch.conf to use sssd for users, groups, shadow and netgroups. We need to pass in the --enableforcelegacy option hwen configuring nss_ldap. Also always back up and restore sssd.conf. It still gets configured for kerberos. ticket 1142 
Even with --no-sssd authconfig was setting nsswitch.conf to use sssd
for users, groups, shadow and netgroups. We need to pass in the
--enableforcelegacy option hwen configuring nss_ldap.

Also always back up and restore sssd.conf. It still gets configured for
kerberos.

ticket 1142
KDC autodiscovery may fail when domain is not realm 2011-05-17T06:56:22+00:00 Martin Kosek mkosek@redhat.com 2011-03-21T13:50:05+00:00 95b4040f6b4f43b864dce86648f09a1402889af9 When ipa-client-install autodiscovers IPA server values it doesn't fill the fixed KDC address to Kerberos configuration file. However, when realm != domain or the autodiscovered values are overridden, installation may fail because it cannot find the KDC. This patch adds a failover to use static KDC address in case when such an issue occurs. https://fedorahosted.org/freeipa/ticket/1100 
When ipa-client-install autodiscovers IPA server values it
doesn't fill the fixed KDC address to Kerberos configuration
file. However, when realm != domain or the autodiscovered values
are overridden, installation may fail because it cannot find the
KDC.

This patch adds a failover to use static KDC address in case when
such an issue occurs.

https://fedorahosted.org/freeipa/ticket/1100