3:04 p.m.
So I am trying to add the first ipa client to my test environment. If
I am running ipa-client-install as a root, why is it barking that
nisdomainname: you must be root to change the domain name
[root@idm-client1 /]# ipa-client-install --domain example.test
--no-ntp --mkhomedir
This program will set up IPA client.
Version 4.9.12
Discovery was successful!
Client hostname: idm-client1.example.test
Realm: EXAMPLE.TEST
DNS Domain: example.test
IPA Server: idm01.example.test
BaseDN: dc=example,dc=test
Continue to configure the system with these values? [no]: yes
Continue to configure the system with these values? [no]: yes
Skipping chrony configuration
User authorized to enroll computers: admin
Password for admin(a)EXAMPLE.TEST:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.TEST
Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
Valid From: 2024-02-07 15:25:44
Valid Until: 2044-02-07 15:25:44
Enrolled in IPA realm EXAMPLE.TEST
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
SSSD enabled
Configured /etc/openldap/ldap.conf
/etc/ssh/ssh_config not found, skipping configuration
/etc/ssh/sshd_config not found, skipping configuration
Configuring example.test as NIS domain.
CalledProcessError(Command ['/bin/systemctl', 'restart',
'nis-domainname.service'] returned non-zero exit status 1: 'Job for
nis-domainname.service failed because the control process exited with
error code.\nSee "systemctl status nis-domainname.service" and
"journalctl -xe" for details.\n')
The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
[root@idm-client1 /]#
[root@idm-client1 /]# systemctl status nis-domainname.service --full --no-pager
● nis-domainname.service - Read and set NIS domainname from
/etc/sysconfig/network
Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
UTC; 2min 24s ago
Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
(code=exited, status=1/FAILURE)
Main PID: 300 (code=exited, status=1/FAILURE)
Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
set NIS domainname from /etc/sysconfig/network...
Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
nisdomainname: you must be root to change the domain name
Feb 12 21:26:58 idm-client1.example.test systemd[1]:
nis-domainname.service: Main process exited, code=exited,
status=1/FAILURE
Feb 12 21:26:58 idm-client1.example.test systemd[1]:
nis-domainname.service: Failed with result 'exit-code'.
Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
Read and set NIS domainname from /etc/sysconfig/network.
[root@idm-client1 /]#
3:37 p.m.
New subject: ipa client install as root but am told I need to be root
Mauricio Tavares via FreeIPA-users wrote:
So I am trying to add the first ipa client to my test environment.
If
I am running ipa-client-install as a root, why is it barking that
nisdomainname: you must be root to change the domain name
[root@idm-client1 /]# ipa-client-install --domain example.test
--no-ntp --mkhomedir
This program will set up IPA client.
Version 4.9.12
Discovery was successful!
Client hostname: idm-client1.example.test
Realm: EXAMPLE.TEST
DNS Domain: example.test
IPA Server: idm01.example.test
BaseDN: dc=example,dc=test
Continue to configure the system with these values? [no]: yes
Continue to configure the system with these values? [no]: yes
Skipping chrony configuration
User authorized to enroll computers: admin
Password for admin(a)EXAMPLE.TEST:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.TEST
Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
Valid From: 2024-02-07 15:25:44
Valid Until: 2044-02-07 15:25:44
Enrolled in IPA realm EXAMPLE.TEST
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
SSSD enabled
Configured /etc/openldap/ldap.conf
/etc/ssh/ssh_config not found, skipping configuration
/etc/ssh/sshd_config not found, skipping configuration
Configuring example.test as NIS domain.
CalledProcessError(Command ['/bin/systemctl', 'restart',
'nis-domainname.service'] returned non-zero exit status 1: 'Job for
nis-domainname.service failed because the control process exited with
error code.\nSee "systemctl status nis-domainname.service" and
"journalctl -xe" for details.\n')
The ipa-client-install command failed. See
/var/log/ipaclient-install.log for more information
[root@idm-client1 /]#
[root@idm-client1 /]# systemctl status nis-domainname.service --full --no-pager
● nis-domainname.service - Read and set NIS domainname from
/etc/sysconfig/network
Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
UTC; 2min 24s ago
Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
(code=exited, status=1/FAILURE)
Main PID: 300 (code=exited, status=1/FAILURE)
Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
set NIS domainname from /etc/sysconfig/network...
Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
nisdomainname: you must be root to change the domain name
Feb 12 21:26:58 idm-client1.example.test systemd[1]:
nis-domainname.service: Main process exited, code=exited,
status=1/FAILURE
Feb 12 21:26:58 idm-client1.example.test systemd[1]:
nis-domainname.service: Failed with result 'exit-code'.
Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
Read and set NIS domainname from /etc/sysconfig/network.
[root@idm-client1 /]#
Looks like this message appears on any EPERM failure [1]. Are you
running in a container? Any SELinux errors?
rob
[1] https://github.com/giftnuss/net-tools/blob/master/hostname.c#L75
3:52 p.m.
New subject: ipa client install as root but am told I need to be root
On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Mauricio Tavares via FreeIPA-users wrote:
> So I am trying to add the first ipa client to my test environment. If
> I am running ipa-client-install as a root, why is it barking that
>
> nisdomainname: you must be root to change the domain name
>
> [root@idm-client1 /]# ipa-client-install --domain example.test
> --no-ntp --mkhomedir
> This program will set up IPA client.
> Version 4.9.12
>
> Discovery was successful!
> Client hostname: idm-client1.example.test
> Realm: EXAMPLE.TEST
> DNS Domain: example.test
> IPA Server: idm01.example.test
> BaseDN: dc=example,dc=test
>
> Continue to configure the system with these values? [no]: yes
> Continue to configure the system with these values? [no]: yes
> Skipping chrony configuration
> User authorized to enroll computers: admin
> Password for admin(a)EXAMPLE.TEST:
> Successfully retrieved CA cert
> Subject: CN=Certificate Authority,O=EXAMPLE.TEST
> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
> Valid From: 2024-02-07 15:25:44
> Valid Until: 2044-02-07 15:25:44
>
> Enrolled in IPA realm EXAMPLE.TEST
> Created /etc/ipa/default.conf
> Configured /etc/sssd/sssd.conf
> Systemwide CA database updated.
> SSSD enabled
> Configured /etc/openldap/ldap.conf
> /etc/ssh/ssh_config not found, skipping configuration
> /etc/ssh/sshd_config not found, skipping configuration
> Configuring example.test as NIS domain.
> CalledProcessError(Command ['/bin/systemctl', 'restart',
> 'nis-domainname.service'] returned non-zero exit status 1: 'Job for
> nis-domainname.service failed because the control process exited with
> error code.\nSee "systemctl status nis-domainname.service" and
> "journalctl -xe" for details.\n')
> The ipa-client-install command failed. See
> /var/log/ipaclient-install.log for more information
> [root@idm-client1 /]#
>
> [root@idm-client1 /]# systemctl status nis-domainname.service --full --no-pager
> ● nis-domainname.service - Read and set NIS domainname from
> /etc/sysconfig/network
> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
> enabled; vendor preset: enabled)
> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
> UTC; 2min 24s ago
> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
> (code=exited, status=1/FAILURE)
> Main PID: 300 (code=exited, status=1/FAILURE)
>
> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
> set NIS domainname from /etc/sysconfig/network...
> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
> nisdomainname: you must be root to change the domain name
> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
> nis-domainname.service: Main process exited, code=exited,
> status=1/FAILURE
> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
> nis-domainname.service: Failed with result 'exit-code'.
> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
> Read and set NIS domainname from /etc/sysconfig/network.
> [root@idm-client1 /]#
Looks like this message appears on any EPERM failure [1]. Are you
running in a container? Any SELinux errors?
Right you are: running in container. SELinux currently disabled in host.
>
> rob
>
> [1] https://github.com/giftnuss/net-tools/blob/master/hostname.c#L75
>
4:43 p.m.
New subject: ipa client install as root but am told I need to be root
Mauricio Tavares via FreeIPA-users wrote:
On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden
<rcritten(a)redhat.com> wrote:
>
> Mauricio Tavares via FreeIPA-users wrote:
>> So I am trying to add the first ipa client to my test environment. If
>> I am running ipa-client-install as a root, why is it barking that
>>
>> nisdomainname: you must be root to change the domain name
>>
>> [root@idm-client1 /]# ipa-client-install --domain example.test
>> --no-ntp --mkhomedir
>> This program will set up IPA client.
>> Version 4.9.12
>>
>> Discovery was successful!
>> Client hostname: idm-client1.example.test
>> Realm: EXAMPLE.TEST
>> DNS Domain: example.test
>> IPA Server: idm01.example.test
>> BaseDN: dc=example,dc=test
>>
>> Continue to configure the system with these values? [no]: yes
>> Continue to configure the system with these values? [no]: yes
>> Skipping chrony configuration
>> User authorized to enroll computers: admin
>> Password for admin(a)EXAMPLE.TEST:
>> Successfully retrieved CA cert
>> Subject: CN=Certificate Authority,O=EXAMPLE.TEST
>> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
>> Valid From: 2024-02-07 15:25:44
>> Valid Until: 2044-02-07 15:25:44
>>
>> Enrolled in IPA realm EXAMPLE.TEST
>> Created /etc/ipa/default.conf
>> Configured /etc/sssd/sssd.conf
>> Systemwide CA database updated.
>> SSSD enabled
>> Configured /etc/openldap/ldap.conf
>> /etc/ssh/ssh_config not found, skipping configuration
>> /etc/ssh/sshd_config not found, skipping configuration
>> Configuring example.test as NIS domain.
>> CalledProcessError(Command ['/bin/systemctl', 'restart',
>> 'nis-domainname.service'] returned non-zero exit status 1: 'Job for
>> nis-domainname.service failed because the control process exited with
>> error code.\nSee "systemctl status nis-domainname.service" and
>> "journalctl -xe" for details.\n')
>> The ipa-client-install command failed. See
>> /var/log/ipaclient-install.log for more information
>> [root@idm-client1 /]#
>>
>> [root@idm-client1 /]# systemctl status nis-domainname.service --full --no-pager
>> ● nis-domainname.service - Read and set NIS domainname from
>> /etc/sysconfig/network
>> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
>> enabled; vendor preset: enabled)
>> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
>> UTC; 2min 24s ago
>> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
>> (code=exited, status=1/FAILURE)
>> Main PID: 300 (code=exited, status=1/FAILURE)
>>
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
>> set NIS domainname from /etc/sysconfig/network...
>> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
>> nisdomainname: you must be root to change the domain name
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>> nis-domainname.service: Main process exited, code=exited,
>> status=1/FAILURE
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>> nis-domainname.service: Failed with result 'exit-code'.
>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
>> Read and set NIS domainname from /etc/sysconfig/network.
>> [root@idm-client1 /]#
>
> Looks like this message appears on any EPERM failure [1]. Are you
> running in a container? Any SELinux errors?
Right you are: running in container. SELinux currently disabled in host.
You could try --no-nisdomain
Or a more complex approach like the server container does,
https://github.com/freeipa/freeipa-container/blob/master/hostnamectl-wrapper
rob
4:47 a.m.
New subject: ipa client install as root but am told I need to be root
On Tue, Feb 13, 2024 at 5:43 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Mauricio Tavares via FreeIPA-users wrote:
> On Tue, Feb 13, 2024 at 4:37 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
>>
>> Mauricio Tavares via FreeIPA-users wrote:
>>> So I am trying to add the first ipa client to my test environment. If
>>> I am running ipa-client-install as a root, why is it barking that
>>>
>>> nisdomainname: you must be root to change the domain name
>>>
>>> [root@idm-client1 /]# ipa-client-install --domain example.test
>>> --no-ntp --mkhomedir
>>> This program will set up IPA client.
>>> Version 4.9.12
>>>
>>> Discovery was successful!
>>> Client hostname: idm-client1.example.test
>>> Realm: EXAMPLE.TEST
>>> DNS Domain: example.test
>>> IPA Server: idm01.example.test
>>> BaseDN: dc=example,dc=test
>>>
>>> Continue to configure the system with these values? [no]: yes
>>> Continue to configure the system with these values? [no]: yes
>>> Skipping chrony configuration
>>> User authorized to enroll computers: admin
>>> Password for admin(a)EXAMPLE.TEST:
>>> Successfully retrieved CA cert
>>> Subject: CN=Certificate Authority,O=EXAMPLE.TEST
>>> Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
>>> Valid From: 2024-02-07 15:25:44
>>> Valid Until: 2044-02-07 15:25:44
>>>
>>> Enrolled in IPA realm EXAMPLE.TEST
>>> Created /etc/ipa/default.conf
>>> Configured /etc/sssd/sssd.conf
>>> Systemwide CA database updated.
>>> SSSD enabled
>>> Configured /etc/openldap/ldap.conf
>>> /etc/ssh/ssh_config not found, skipping configuration
>>> /etc/ssh/sshd_config not found, skipping configuration
>>> Configuring example.test as NIS domain.
>>> CalledProcessError(Command ['/bin/systemctl', 'restart',
>>> 'nis-domainname.service'] returned non-zero exit status 1: 'Job
for
>>> nis-domainname.service failed because the control process exited with
>>> error code.\nSee "systemctl status nis-domainname.service" and
>>> "journalctl -xe" for details.\n')
>>> The ipa-client-install command failed. See
>>> /var/log/ipaclient-install.log for more information
>>> [root@idm-client1 /]#
>>>
>>> [root@idm-client1 /]# systemctl status nis-domainname.service --full
--no-pager
>>> ● nis-domainname.service - Read and set NIS domainname from
>>> /etc/sysconfig/network
>>> Loaded: loaded (/usr/lib/systemd/system/nis-domainname.service;
>>> enabled; vendor preset: enabled)
>>> Active: failed (Result: exit-code) since Mon 2024-02-12 21:26:58
>>> UTC; 2min 24s ago
>>> Process: 300 ExecStart=/usr/libexec/hostname/nis-domainname
>>> (code=exited, status=1/FAILURE)
>>> Main PID: 300 (code=exited, status=1/FAILURE)
>>>
>>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Starting Read and
>>> set NIS domainname from /etc/sysconfig/network...
>>> Feb 12 21:26:58 idm-client1.example.test nis-domainname[301]:
>>> nisdomainname: you must be root to change the domain name
>>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>>> nis-domainname.service: Main process exited, code=exited,
>>> status=1/FAILURE
>>> Feb 12 21:26:58 idm-client1.example.test systemd[1]:
>>> nis-domainname.service: Failed with result 'exit-code'.
>>> Feb 12 21:26:58 idm-client1.example.test systemd[1]: Failed to start
>>> Read and set NIS domainname from /etc/sysconfig/network.
>>> [root@idm-client1 /]#
>>
>> Looks like this message appears on any EPERM failure [1]. Are you
>> running in a container? Any SELinux errors?
>
> Right you are: running in container. SELinux currently disabled in host.
You could try --no-nisdomain
Or a more complex approach like the server container does,
https://github.com/freeipa/freeipa-container/blob/master/hostnamectl-wrapper
rob
----no-nisdomain worked for me. Thanks! I will also check the
server container approach; there are things there I would like to use
anyway.
115
days inactive
124
days old
freeipa-users@lists.fedorahosted.org
4 comments
2 participants
participants (2)
-
Mauricio Tavares -
Rob Crittenden