Re: [Freeipa-devel] [Freeipa-users] ipa admin tool error ipa: ERROR: Client is not configured. Run ipa-client-install.
Petr Spacek wrote:
> On 7.1.2013 17:47, Rob Crittenden wrote:
>> Petr Viktorin wrote:
>>> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>>>> hi,
>>>>
>>>> on a workstation *not* joined to the IPA domain but with the ipa
>>>> admin tools installed I get this error when trying to modify dns
>>>> settings and I have a kerberos ticket of an admin user:
>>>>
>>>> $ kinit user.ad...@unix.domain.tld
>>>> Password for user.ad...@unix.domain.tld
>>>>
>>>> $ klist
>>>> Ticket cache: FILE:/tmp/krb5cc_500
>>>> Default principal: user.ad...@unix.domain.tld
>>>>
>>>> Valid starting     Expires            Service principal
>>>> 01/07/13 10:47:09  01/08/13 10:47:06  krbtgt/unix.domain@unix.domain.tld
>>>>         renew until 01/14/13 10:47:06
>>>>
>>>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>>>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>>>
>>>> Is this 'by design'?
>>>>
>>>> This limitation on the cli tool does not apply to the web interface,
>>>> by the way, that is, I can login the web interface without being
>>>> joined to the domain and modify all kind of stuff there ;-).
>>>>
>>>> To be more specific: this is not a problem, I can run this command
>>>> on a joined host, but I was just curious.
>>>
>>> I think the check we're making here (at least one directive has to be
>>> read from a config file) is rather limiting. I'd expect the following
>>> to work:
>>>
>>> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod example.com ipa --ttl=300
>>
>> The reason is you get a really crappy error if you try to run the tool
>> on an unconfigured machine without cleverly passing in the URI via -e.
>
> IMHO the error message could be much clearer:
>
> IPA client is not configured on this machine. Configure xmlrpc_uri in
> ~/.ipa/default.conf or add -e xmlrpc_uri= parameter before using IPA
> admin tools.
>
> Something like that ...

I think I'd prefer to write a note on the wiki on how to manually minimally configure a host to use the ipa tool. This is the first time this has come up on the list, so it isn't a particularly hot issue.

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [Freeipa-users] ipa admin tool error ipa: ERROR: Client is not configured. Run ipa-client-install.
On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
> hi,
>
> on a workstation *not* joined to the IPA domain but with the ipa
> admin tools installed I get this error when trying to modify dns
> settings and I have a kerberos ticket of an admin user:
>
> $ kinit user.ad...@unix.domain.tld
> Password for user.ad...@unix.domain.tld
>
> $ klist
> Ticket cache: FILE:/tmp/krb5cc_500
> Default principal: user.ad...@unix.domain.tld
>
> Valid starting     Expires            Service principal
> 01/07/13 10:47:09  01/08/13 10:47:06  krbtgt/unix.domain@unix.domain.tld
>         renew until 01/14/13 10:47:06
>
> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
> ipa: ERROR: Client is not configured. Run ipa-client-install.
>
> Is this 'by design'?
>
> This limitation on the cli tool does not apply to the web interface,
> by the way, that is, I can login the web interface without being
> joined to the domain and modify all kind of stuff there ;-).
>
> To be more specific: this is not a problem, I can run this command
> on a joined host, but I was just curious.

I think the check we're making here (at least one directive has to be read from a config file) is rather limiting. I'd expect the following to work:

ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod example.com ipa --ttl=300

--
Petr³

Re: [Freeipa-devel] [Freeipa-users] ipa admin tool error ipa: ERROR: Client is not configured. Run ipa-client-install.
Petr Viktorin wrote:
> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>> hi,
>>
>> on a workstation *not* joined to the IPA domain but with the ipa
>> admin tools installed I get this error when trying to modify dns
>> settings and I have a kerberos ticket of an admin user:
>>
>> $ kinit user.ad...@unix.domain.tld
>> Password for user.ad...@unix.domain.tld
>>
>> $ klist
>> Ticket cache: FILE:/tmp/krb5cc_500
>> Default principal: user.ad...@unix.domain.tld
>>
>> Valid starting     Expires            Service principal
>> 01/07/13 10:47:09  01/08/13 10:47:06  krbtgt/unix.domain@unix.domain.tld
>>         renew until 01/14/13 10:47:06
>>
>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>
>> Is this 'by design'?
>>
>> This limitation on the cli tool does not apply to the web interface,
>> by the way, that is, I can login the web interface without being
>> joined to the domain and modify all kind of stuff there ;-).
>>
>> To be more specific: this is not a problem, I can run this command
>> on a joined host, but I was just curious.
>
> I think the check we're making here (at least one directive has to be
> read from a config file) is rather limiting. I'd expect the following
> to work:
>
> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod example.com ipa --ttl=300

The reason is you get a really crappy error if you try to run the tool on an unconfigured machine without cleverly passing in the URI via -e.

rob

Re: [Freeipa-devel] [Freeipa-users] ipa admin tool error ipa: ERROR: Client is not configured. Run ipa-client-install.
On 7.1.2013 17:47, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
>>> hi,
>>>
>>> on a workstation *not* joined to the IPA domain but with the ipa
>>> admin tools installed I get this error when trying to modify dns
>>> settings and I have a kerberos ticket of an admin user:
>>>
>>> $ kinit user.ad...@unix.domain.tld
>>> Password for user.ad...@unix.domain.tld
>>>
>>> $ klist
>>> Ticket cache: FILE:/tmp/krb5cc_500
>>> Default principal: user.ad...@unix.domain.tld
>>>
>>> Valid starting     Expires            Service principal
>>> 01/07/13 10:47:09  01/08/13 10:47:06  krbtgt/unix.domain@unix.domain.tld
>>>         renew until 01/14/13 10:47:06
>>>
>>> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
>>> ipa: ERROR: Client is not configured. Run ipa-client-install.
>>>
>>> Is this 'by design'?
>>>
>>> This limitation on the cli tool does not apply to the web interface,
>>> by the way, that is, I can login the web interface without being
>>> joined to the domain and modify all kind of stuff there ;-).
>>>
>>> To be more specific: this is not a problem, I can run this command
>>> on a joined host, but I was just curious.
>>
>> I think the check we're making here (at least one directive has to be
>> read from a config file) is rather limiting. I'd expect the following
>> to work:
>>
>> ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod example.com ipa --ttl=300
>
> The reason is you get a really crappy error if you try to run the tool
> on an unconfigured machine without cleverly passing in the URI via -e.

IMHO the error message could be much clearer:

IPA client is not configured on this machine. Configure xmlrpc_uri in ~/.ipa/default.conf or add -e xmlrpc_uri= parameter before using IPA admin tools.

Something like that ...

--
Petr^2 Spacek