[opensuse-autoinstall] SSSD configuration with checkbox "Use Kerberos" enabled not saved/recognized/applied correctly

Hello, we are using SSSD along with Kerberos in our institute. Unfortunately, the XML created via AutoYast seems to forget the "Use Kerberos" checkbox configured under "LDAP client" > "Advanced Settings". Hence, when the XML file is used for auto installation, the "Use Kerberos" setting is not applied and the /etc/sssd/sssd.conf does not set "auth_provider = krb5" but instead "auth_provider = ldap". Please see this XML file created with the Yast Autoinstall module on OS12.2 with the "Use Kerberos" checkbox **enabled**: ----------- <?xml version="1.0"?> <!DOCTYPE profile> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <deploy_image> <image_installation config:type="boolean">false</image_installation> </deploy_image> <ldap> <base_config_dn>ou=ldapconfig,ou=users,dc=some</base_config_dn> <bind_dn></bind_dn> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <krb5_kdcip>kerberos.server.com</krb5_kdcip> <krb5_realm>KERBEROS.REALM</krb5_realm> <ldap_domain>ou=users,dc=some</ldap_domain> <ldap_server>ldap.server.com</ldap_server> <ldap_tls config:type="boolean">true</ldap_tls> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <mkhomedir config:type="boolean">false</mkhomedir> <nss_base_group></nss_base_group> <nss_base_passwd></nss_base_passwd> <nss_base_shadow></nss_base_shadow> <pam_password>exop</pam_password> <sssd config:type="boolean">true</sssd> <sssd_ldap_schema>rfc2307</sssd_ldap_schema> <start_autofs config:type="boolean">true</start_autofs> <start_ldap config:type="boolean">true</start_ldap> </ldap> <software> <image/> <instsource></instsource> <packages config:type="list"> <package>sssd</package> <package>krb5-client</package> <package>autofs</package> </packages> </software> </profile> ----------- When loading this profile again inside the Autoinstall module, the "Use Kerberos" checkbox is **disabled**. You can also manually reproduce by enabling the checkbox in the Autoinstall module, saving an XML, restarting the module and loading the XML. The checkbox will now be disabled! So, maybe there is a XML tag for this "Use Kerberos" checkbox missing? Or how does Yast decide if this checkbox is enabled or disabled? Also note, on 12.2 the "Apply to System" button in the Autoinstall module does not work for me. I get asked for a confirmation, but then nothing happens. I need to click "File" > "Apply Profile to this System" and then it works after confirmation! But I just noticed that right now,... Best regards, Joschi Brauchle -- Dipl.-Ing. Joschi Brauchle, M.S. Institute for Communications Engineering (LNT) Technische Universitaet Muenchen (TUM) 80290 Munich, Germany Tel (work): +49 89 289-23474 Fax (work): +49 89 289-23490 E-mail: joschi.brauchle@tum.de Web: http://www.lnt.ei.tum.de/

V Wed, 05 Sep 2012 15:22:40 +0200 Joschi Brauchle <joschi.brauchle@tum.de> napsáno:
Hello,
we are using SSSD along with Kerberos in our institute. Unfortunately, the XML created via AutoYast seems to forget the "Use Kerberos" checkbox configured under "LDAP client" > "Advanced Settings".
Hence, when the XML file is used for auto installation, the "Use Kerberos" setting is not applied and the /etc/sssd/sssd.conf does not set "auth_provider = krb5" but instead "auth_provider = ldap".
Please file a bug report and assign to me. I'll create patch for testing. Jiri
Best regards, Joschi Brauchle
-- Jiri Suchomel SUSE LINUX, s.r.o. Lihovarská 1060/12 tel: +420 284 028 960 190 00 Praha 9, Czech Republic http://www.suse.cz -- To unsubscribe, e-mail: opensuse-autoinstall+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-autoinstall+owner@opensuse.org

Hello Jiri, thanks for you help! Please see https://bugzilla.novell.com/show_bug.cgi?id=778949 Best regards, Joschi Brauchle On 09/06/2012 08:01 AM, Jiří Suchomel wrote:
Please file a bug report and assign to me. I'll create patch for testing.
Jiri
participants (2)
-
Jiří Suchomel
-
Joschi Brauchle