systemd: Fix error message when joining AD domains #13803
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Installing cockpit-ws credentials is only supported for FreeIPA. When joining an AD domain, trying to call the `ipa` command line client will just thrown an error message "IPA client is not configured on this system". This appears in the "Join Domain" dialog without further details, but the joining works anyway, so this was rather confusing. Only actually run install_ws_credentials() when the Server software is "ipa". Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1813136
|
Our regression tests will make sure that ws credentials still work against FreeIPA. However, we don't have an AD server in our CI, so this can only be tested manually. I did that against @sgallagher 's AD server (thanks!), and joining the domain now works cleanly. In the console I see I'd like to keep that log message for easier debugging on the customer side, and it confirms that the server software query works correctly for both IPA and AD. |
|
LGTM |
mvollmer
approved these changes
Mar 27, 2020
martinpitt
added a commit
to martinpitt/cockpit
that referenced
this pull request
Apr 21, 2020
Re-use the common TestRealms tests. This currently uses a custom sudo rule for giving sudo access to domain admins. This is not very elegant yet, but initial search all pointed to this method. There ought to be a centralized method on the domain server side, similar to `ipa-advise enable-admins-sudo`. Adjust the expected error messages in testUnqualifiedUsers() when giving a wrong password, as they look different when joining AD. This also detects the AD joining bug fixed in PR cockpit-project#13803, so skip testUnqualifiedUsers() on rhel-8-2-distropkg. Closes cockpit-project#13921
martinpitt
added a commit
that referenced
this pull request
Apr 21, 2020
Re-use the common TestRealms tests. This currently uses a custom sudo rule for giving sudo access to domain admins. This is not very elegant yet, but initial search all pointed to this method. There ought to be a centralized method on the domain server side, similar to `ipa-advise enable-admins-sudo`. Adjust the expected error messages in testUnqualifiedUsers() when giving a wrong password, as they look different when joining AD. This also detects the AD joining bug fixed in PR #13803, so skip testUnqualifiedUsers() on rhel-8-2-distropkg. Closes #13921
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Installing cockpit-ws credentials is only supported for FreeIPA. When
joining an AD domain, trying to call the
ipacommand line client willjust thrown an error message "IPA client is not configured on this
system". This appears in the "Join Domain" dialog without further
details, but the joining works anyway, so this was rather confusing.
Only actually run install_ws_credentials() when the Server software is
"ipa".
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1813136