'realm_join_with_password' doesn't get called again if domain join failed #2
Comments
It sounds like the |
I came across this issue while creating the Debian portion. @jbencic mentioned he was using a keytab file. if It appears to stem from I don't use keytabs in my environment, but I believe the below code would fix it:
The join command does run before the sssd.conf file is placed on disk. The problem is that the join command fails on the first run but the sssd.conf file is still configured. On the second run, the I've updated the code to perform a more robust check via At least now you will get consistent failures if this is the case, because the keytab check will fail and This could easily be remedied if the |
I'm going to go ahead and close this as I don't think there is a good solution for this until the |
I have a scenario where the first time I did a Puppet run the AD domain join failed;
then on every subsequent run, it would just try to start the service and fail, saying no keytab file.
I believe this is because 'realm_join_with_password' should be executed every time, not just if the /etc/realm.conf file changes (refreshonly and notify).
Deleting the /etc/realm.conf and [deleting /etc/sssd/sssd.conf OR running realm leave 'mydomain'] resolves the issue, e.g. "realm join" gets called and joins the domain.
Maybe the "unless" statement in realm_join_with_password could be some other test to validate the system has been joined to the domain.
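
One way to express the "some other test" idea from this issue, as an added example that is not part of the original thread or the module's code: decide join state from `realm list` output rather than from the presence of a config file, so a failed first join is retried on the next run. The function names and the sample output are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not the module's code). Function names are hypothetical.
# Goal: an idempotency check that reflects real join state, so a stale
# sssd.conf or realm.conf left by a failed join does not suppress a retry.

# is_joined_from_list DOMAIN
# Reads `realm list` text on stdin; returns 0 only if a stanza for DOMAIN
# reports "configured: kerberos-member".
is_joined_from_list() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="$want" '
        # An unindented line starts a new realm stanza: reset state.
        /^[^ \t]/            { dom = ""; conf = "" }
        /^[ \t]+domain-name:/ { dom = tolower($2) }
        /^[ \t]+configured:/  { conf = $2 }
        # Field order inside a stanza does not matter.
        dom == want && conf == "kerberos-member" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# is_joined DOMAIN
# Live variant: `realm list` prints nothing when no realm is configured,
# which makes this return non-zero and lets the join run again.
is_joined() {
    realm list 2>/dev/null | is_joined_from_list "$1"
}

# Constructed sample of `realm list` output for a joined host.
SAMPLE_JOINED='example.com
  type: kerberos
  realm-name: EXAMPLE.COM
  domain-name: example.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd'

# Constructed sample for a host whose join failed: no configured realm.
SAMPLE_NOT_JOINED=''
```

A command like `is_joined` is the kind of test an `unless` guard could run in place of a file-change trigger; it does not verify that the keytab itself is usable.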