diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-03-21 14:50:05 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2011-05-17 08:56:22 +0200 |
| commit | 95b4040f6b4f43b864dce86648f09a1402889af9 (patch) | |
| tree | e198e1845ad099fc60117296ed812c72d5847101 /ipa-client/ipaclient | |
| parent | a7f9814ab702cfa42988e47e80f44b57a195ad1e (diff) | |
| download | freeipa-95b4040f6b4f43b864dce86648f09a1402889af9.tar.gz freeipa-95b4040f6b4f43b864dce86648f09a1402889af9.tar.xz freeipa-95b4040f6b4f43b864dce86648f09a1402889af9.zip | |
KDC autodiscovery may fail when domain is not realm
When ipa-client-install autodiscovers IPA server values it
doesn't fill the fixed KDC address to Kerberos configuration
file. However, when realm != domain or the autodiscovered values
are overridden, installation may fail because it cannot find the
KDC.
This patch adds a failover to use static KDC address in case when
such an issue occurs.
https://fedorahosted.org/freeipa/ticket/1100
Diffstat (limited to 'ipa-client/ipaclient')
| -rw-r--r-- | ipa-client/ipaclient/ipadiscovery.py | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index 0df23eb97..d149412ec 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -68,6 +68,9 @@ class IPADiscovery: def getRealmName(self): return self.realm + def getKDCName(self): + return self.kdc + def getBaseDN(self): return self.basedn @@ -139,20 +142,20 @@ class IPADiscovery: else: return -2 #no ldap server found - - #search for kerberos TODO: move this after ipacheckldap() - logging.debug("[ipadnssearchkrb]") - krbret = self.ipadnssearchkrb(self.domain) - if not krbret: - return -3 #no krb server found - - self.realm = krbret[0] - else: #server forced on us, this means DNS doesn't work :/ self.domain = domain self.server = server + #search for kerberos + logging.debug("[ipadnssearchkrb]") + krbret = self.ipadnssearchkrb(self.domain) + if not server and not krbret[0]: + return -3 # realm for autodiscovery not found + + self.realm = krbret[0] + self.kdc = krbret[1] + logging.debug("[ipacheckldap]") # check ldap now ldapret = self.ipacheckldap(self.server, self.realm) @@ -303,7 +306,7 @@ class IPADiscovery: if realm: # now fetch server information for the realm - qname = "_kerberos._udp." + tdomain + qname = "_kerberos._udp." + realm.lower() # terminate the name if not qname.endswith("."): qname += "." @@ -318,4 +321,7 @@ class IPADiscovery: else: kdc = qname + if not kdc: + logging.debug("SRV record for KDC not found! Realm: %s, SRV record: %s" % (realm, qname)) + return [realm, kdc] |