Mauricio Tavares via FreeIPA-users wrote:
On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden
<rcritten(a)redhat.com> wrote:
>
> Mauricio Tavares via FreeIPA-users wrote:
>> So I am trying to add the first ipa client to my test environment. If
>> I am running ipa-client-install as a root, why is it barking that
>>
>> nisdomainname: you must be root to change the domain name
>>
>> [root@idm-client1 /]# ipa-client-install --domain example.test
>> --no-ntp --mkhomedir
>> This program will set up IPA client.
>> Version 4.9.12
>>
>> Discovery was successful!
>> Client hostname: idm-client1.example.test
>> Realm: EXAMPLE.TEST
>> DNS Domain: example.test
>> IPA Server: idm01.example.test
>> BaseDN: dc=example,dc=test
>>
>> Continue to configure the system with these values? [no]: yes
>> Continue to configure the system with these values? [no]: yes
>> Skipping chrony configuration
>> User authorized to enroll computers: admin
>> Password for admin(a)EXAMPLE.TEST:
>> Successfully retrieved CA cert
>> Subject: CN=Certificate Authority,O=EXAMPLE.TEST
>> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
>> Valid From: 2024-02-07 15:25:44
>> Valid Until: 2044-02-07 15:25:44
>>
>> Enrolled in IPA realm EXAMPLE.TEST
>> Created /etc/ipa/default.conf
>> Configured /etc/sssd/sssd.conf
>> Systemwide CA database updated.
>> SSSD enabled
>> Configured /etc/openldap/ldap.conf
>> /etc/ssh/ssh_config not found, skipping configuration
>> /etc/ssh/sshd_config not found, skipping configuration
>> Configuring example.test as NIS domain.
>> CalledProcessError(Command ['/bin/systemctl', 'restart',
>> 'nis-domainname.service'] returned non-zero exit status 1: 'Job for
>> nis-domainname.service failed because the control process exited with
>> error code.\nSee "systemctl status nis-domainname.service" and
>> "journalctl -xe" for details.\n')
>> The ipa-client-install command failed. See
>> /var/log/ipaclient-install.log for more information
>> [root@idm-client1 /]#
>>
>> [root@idm-client1 /]# systemctl status nis-domainname.service --full --no-pager
>> ● nis-domainname.service - Read and set NIS domainname from
>> /etc/sysconfig/network
>> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
>> enabled; vendor preset: enabled)
>> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
>> UTC; 2min 24s ago
>> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
>> (code=exited, status=1/FAILURE)
>> Main PID: 300 (code=exited, status=1/FAILURE)
>>
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
>> set NIS domainname from /etc/sysconfig/network...
>> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
>> nisdomainname: you must be root to change the domain name
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>> nis-domainname.service: Main process exited, code=exited,
>> status=1/FAILURE
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>> nis-domainname.service: Failed with result 'exit-code'.
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
>> Read and set NIS domainname from /etc/sysconfig/network.
>> [root@idm-client1 /]#
>
> Looks like this message appears on any EPERM failure [1]. Are you
> running in a container? Any SELinux errors?
Right you are: running in container. SELinux currently disabled in host.

You could try --no-nisdomain

Or a more complex approach like the server container does,
https://github.com/freeipa/freeipa-container/blob/master/hostnamectl-wrapper

rob
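
The EPERM diagnosis above can be confirmed from inside the client before re-running the installer. The script below is an added example, not part of the thread or of FreeIPA: it reads the effective capability mask and reports whether CAP_SYS_ADMIN, which setdomainname(2) requires, is present. The function names and the sample masks in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: why UID 0 in a container can still be told "you must be root".
# setdomainname(2) needs CAP_SYS_ADMIN (capability number 21); without it the
# call fails with EPERM regardless of UID.
# Constructed sample masks: 000001ffffffffff (all capabilities),
# 00000000a80425fb (a typical default container capability set).
CAP_SYS_ADMIN_BIT=21

# has_cap HEXMASK BIT: exit 0 if BIT is set, 1 if clear, 2 if HEXMASK is not hex.
has_cap() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# cap_eff_of FILE: print the CapEff mask from a /proc/<pid>/status style file.
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# nisdomain_advice HEXMASK: one-line verdict for the NIS domain step.
# The capability is necessary but not sufficient: it must also apply to the
# user namespace that owns the container's UTS namespace.
nisdomain_advice() {
    rc=0
    has_cap "$1" "$CAP_SYS_ADMIN_BIT" || rc=$?
    case $rc in
        0) echo "CAP_SYS_ADMIN present: capabilities allow setdomainname" ;;
        1) echo "CAP_SYS_ADMIN missing: expect EPERM, enroll with --no-nisdomain" ;;
        *) echo "unreadable capability mask"; return 2 ;;
    esac
}

# Report on the current process when /proc is available.
if [ -r /proc/self/status ]; then
    nisdomain_advice "$(cap_eff_of /proc/self/status)" || true
fi
```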