On Суб, 10 мая 2025, Adam Bishop via FreeIPA-users wrote:
The variables for ipa-server-install are passed as environment variables to the container - unfortunately --enable-compat requires --setup-adtrust to also be set, which appears broken.
compat tree is enabled by default, it just resolving AD users is not enabled by default. So what specifically does not work for you? Searches against the compat tree should work in default installation for IPA users and groups. At least, right now.
I've not been able to get the installer to complete with AD trusts enabled - the documentation says to pass the container's FQDN in an environment variable (IPA_SERVER_HOSTNAME), however the Samba set up step doesn't use it: [error] ValueError: Host reports different name than configured: '6f9cc0cca2f1' versus 'server01.ipa.local'. Samba requires to have the same hostname or Kerberos principal 'cifs/server01.ipa.local' will not be found in Samba keytab. Host reports different name than configured: '6f9cc0cca2f1' versus 'server01.ipa.local'. Samba requires to have the same hostname or Kerberos principal 'cifs/server01.ipa.local' will not be found in Samba keytab.
That's correct, you need to have proper name resolution for the host, not just passing the variables to the container. This will bite in other areas, not just in Samba case. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
