diff options
author | Tomas Babej <tbabej@redhat.com> | 2013-09-18 12:56:00 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-10-03 12:02:44 +0200 |
commit | bae291def780c81144c8f4d71ced5007e1ee3867 (patch) | |
tree | f6198a44c518552f95b32e48354f21b7447341a3 /install/tools/ipa-adtrust-install | |
parent | 8ebb76177dbe675b281a4c06fabd4d27b2dffd7c (diff) | |
download | freeipa.git-bae291def780c81144c8f4d71ced5007e1ee3867.tar.gz freeipa.git-bae291def780c81144c8f4d71ced5007e1ee3867.tar.xz freeipa.git-bae291def780c81144c8f4d71ced5007e1ee3867.zip |
Warn user about realm-domain mismatch in install scripts
If the IPA server is setup with non-matching domain and realm
names, it will not be able to estabilish trust with the Active
Directory.
Adds warnings to the ipa-server-install and warning to the
ipa-adtrust-install (which has to be confirmed).
Man pages for the ipa-server-install and ipa-adtrust-install were
updated with the relevant notes.
https://fedorahosted.org/freeipa/ticket/3924
Diffstat (limited to 'install/tools/ipa-adtrust-install')
-rwxr-xr-x | install/tools/ipa-adtrust-install | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install index 838f7226..2af2df92 100755 --- a/install/tools/ipa-adtrust-install +++ b/install/tools/ipa-adtrust-install @@ -248,6 +248,22 @@ def main(): api.bootstrap(**cfg) api.finalize() + # If domain name and realm does not match, IPA server will not be able + # to estabilish trust with Active Directory. Print big fat warning. + + realm_not_matching_domain = (api.env.domain.upper() != api.env.realm) + + if realm_not_matching_domain: + print("WARNING: Realm name does not match the domain name.\n" + "You will not be able to estabilish trusts with Active " + "Directory unless\nthe realm name of the IPA server matches its " + "domain name.\n\n") + if not options.unattended: + if not ipautil.user_input("Do you wish to continue?", + default = False, + allow_empty = False): + sys.exit("Aborting installation.") + if adtrustinstance.ipa_smb_conf_exists(): if not options.unattended: while True: |