[Freeipa-devel] [Freeipa-users] ipa admin tool error "ipa: ERROR: Client is not configured. Run ipa-client-install."
Petr Viktorin
pviktori at redhat.com
Mon Jan 7 11:25:58 UTC 2013
On 01/07/2013 11:00 AM, Natxo Asenjo wrote:
> hi,
>
> on a workstation *not* joined to the IPA domain but with the the ipa
> admin tools installed I get this error when trying to modify dns
> settings and I have a kerberos ticket of an admin user:
>
> $ kinit user.admin at UNIX.DOMAIN.TLD
> Password for user.admin at UNIX.DOMAIN.TLD
> $ klist
> Ticket cache: FILE:/tmp/krb5cc_500
> Default principal: user.admin at UNIX.DOMAIN.TLD
>
> Valid starting Expires Service principal
> 01/07/13 10:47:09 01/08/13 10:47:06 krbtgt/UNIX.DOMAIN.TLD at UNIX.DOMAIN.TLD
> renew until 01/14/13 10:47:06
>
> $ ipa dnsrecord-mod unix.domain.tld ipaclient01 --ttl=300
> ipa: ERROR: Client is not configured. Run ipa-client-install.
>
> Is this 'by design'? This limitation on the cli tool does not apply to
> the web interface, by the way, that is, I can login the web interface
> without being joined to the domain and modify all kind of stuff there
> ;-).
>
> To be more specific: this is not a problem, I can run this command on
> a joined host, but I was just curious.
>
I think the check we're making here (at least one directive has to be
read from a config file) is rather limiting. I'd expect the following to
work:
ipa -e xmlrpc_uri=https://ipa.example.com/ipa/xml dnsrecord-mod
example.com ipa --ttl=300
--
Petr³
More information about the Freeipa-devel
mailing list