diff options
author | Rob Crittenden <rcritten@redhat.com> | 2010-09-17 21:23:08 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2010-09-20 16:04:30 -0400 |
commit | 74e5d8c2af66a90d5cf85d80f7bafd6a21a724d5 (patch) | |
tree | 2ebbbdeb1732575906e037603ff10c06ec3e4591 /ipa-client/ipa-install/ipa-client-install | |
parent | e648e03d0c730e07a55f64e9fb49a2f9bdcf6e52 (diff) | |
download | freeipa-74e5d8c2af66a90d5cf85d80f7bafd6a21a724d5.tar.gz freeipa-74e5d8c2af66a90d5cf85d80f7bafd6a21a724d5.tar.xz freeipa-74e5d8c2af66a90d5cf85d80f7bafd6a21a724d5.zip |
Better distinguish between when DNS discovery works and search more domains.
Passing domain and server on the command-line used to be considered as
DNS autodiscovery worked. This was problematic if there was in fact no
SRV records because krb5.conf would be configured without a specific KDC
causing all Kerberos ops to fail.
Now if you pass in a domain/server it still tries to see if they are
discoverable and if so won't hardcode a server, but will fall back to doing
so if necessary.
Also be a lot more aggressive on looking for the SRV records. Use the
search and domain values from /etc/resolv.conf on the chance that the
SRV records aren't in the domain of the hostname of the machine.
An example of this would be if your laptop is in dhcp.example.com and
your company's SRV records are in corp.example.com. Searching
dhcp.example.com and example.com won't find the SRV records but the user
is likely to have corp.redhat.com in the search list, at least.
ticket 234
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 5542f441b..7e52b7516 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -491,7 +491,7 @@ def configure_sssd_conf(fstore, cli_domain, cli_server, options): def main(): options = parse_options() logging_setup(options) - dnsok = True + dnsok = False env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"} global fstore @@ -518,7 +518,7 @@ def main(): # Create the discovery instance ds = ipaclient.ipadiscovery.IPADiscovery() - ret = ds.search(domain=options.domain, server=options.server) + ret = ds.search() if ret == -10: print "Can't get the fully qualified name of this host" print "Please check that the client is properly configured" @@ -532,13 +532,12 @@ def main(): else: print "DNS discovery failed to determine your DNS domain" cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False) - ret = ds.search(domain=cli_domain, server=options.server) + ret = ds.search(domain=cli_domain) if not cli_domain: if ds.getDomainName(): cli_domain = ds.getDomainName() if ret == -2 or not ds.getServerName(): - dnsok = False logging.debug("IPA Server not found") if options.server: cli_server = options.server @@ -548,6 +547,8 @@ def main(): print "DNS discovery failed to find the IPA Server" cli_server = user_input("Please provide your IPA server name (ex: ipa.example.com)", allow_empty = False) ret = ds.search(domain=cli_domain, server=cli_server) + else: + dnsok = True if not cli_server: if ds.getServerName(): cli_server = ds.getServerName() |