diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2011-04-21 15:55:17 -0400 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-05-18 13:19:06 +0200 |
| commit | 7a867102c5c01c8c3c76dbf0147647f2f2f648f6 (patch) | |
| tree | 3b29fc8fbeb6edff6147779b24f53080829897c8 | |
| parent | 4027b12371051c2e9f53b1b6cd2c4e4fbc333731 (diff) | |
| download | freeipa-7a867102c5c01c8c3c76dbf0147647f2f2f648f6.tar.gz freeipa-7a867102c5c01c8c3c76dbf0147647f2f2f648f6.tar.xz freeipa-7a867102c5c01c8c3c76dbf0147647f2f2f648f6.zip | |
Properly configure nsswitch.conf when using the --no-sssd option.
Even with --no-sssd authconfig was setting nsswitch.conf to use sssd
for users, groups, shadow and netgroups. We need to pass in the
--enableforcelegacy option hwen configuring nss_ldap.
Also always back up and restore sssd.conf. It still gets configured for
kerberos.
ticket 1142
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 79ed6fa87..67196022a 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -66,7 +66,7 @@ def parse_options(): help="unattended installation never prompts the user") parser.add_option("--ntp-server", dest="ntp_server", help="ntp server to use") parser.add_option("-S", "--no-sssd", action="store_false", - help="do not configure sssd", default=True, dest="sssd") + help="Do not configure the client to use SSSD for authentication", default=True, dest="sssd") parser.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp") parser.add_option("-w", "--password", dest="password", sensitive=True, @@ -494,7 +494,6 @@ def configure_certmonger(fstore, subject_base, cli_realm, hostname, options): print "certmonger request for host certificate failed" def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): - fstore.backup_file("/etc/sssd/sssd.conf") sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.new_config() @@ -851,6 +850,8 @@ def main(): configure_ipa_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server) print "Created /etc/ipa/default.conf" + # Always back up sssd.conf. It gets updated by authconfig --enablekrb5. + fstore.backup_file("/etc/sssd/sssd.conf") if options.sssd: if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): return 1 @@ -913,7 +914,7 @@ def main(): cmd = ["/usr/sbin/authconfig", "--enablesssd", "--enablesssdauth", "--update"] message = "SSSD enabled" else: - cmd = ["/usr/sbin/authconfig", "--enableldap", "--update"] + cmd = ["/usr/sbin/authconfig", "--enableldap", "--enableforcelegacy", "--update"] message = "LDAP enabled" if options.mkhomedir: |