https://bugzilla.novell.com/show_bug.cgi?id=778949 https://bugzilla.novell.com/show_bug.cgi?id=778949#c0 Summary: LDAP/SSSD configuration with checkbox "Use Kerberos" enabled not saved/recognized/applied correctly Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: Other OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: AutoYaST AssignedTo: ug@suse.com ReportedBy: joschibrauchle@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1 Hello, we are using SSSD along with Kerberos in our institute. Unfortunately, the XML created via AutoYast seems to forget about the "Use Kerberos" checkbox configured under "LDAP client" > "Advanced Settings". Hence, when the XML file is used for auto installation, the "Use Kerberos" setting is not applied and the /etc/sssd/sssd.conf does not set "auth_provider = krb5" but instead "auth_provider = ldap". Please see this XML file, which was created with the Yast Autoinstall module on OS12.2 with the "Use Kerberos" checkbox **enabled**: ----------- <?xml version="1.0"?> <!DOCTYPE profile> <profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns"> <deploy_image> <image_installation config:type="boolean">false</image_installation> </deploy_image> <ldap> <base_config_dn>ou=ldapconfig,ou=users,dc=some</base_config_dn> <bind_dn></bind_dn> <create_ldap config:type="boolean">false</create_ldap> <file_server config:type="boolean">false</file_server> <krb5_kdcip>kerberos.server.com</krb5_kdcip> <krb5_realm>KERBEROS.REALM</krb5_realm> <ldap_domain>ou=users,dc=some</ldap_domain> <ldap_server>ldap.server.com</ldap_server> <ldap_tls config:type="boolean">true</ldap_tls> <login_enabled config:type="boolean">true</login_enabled> <member_attribute>member</member_attribute> <mkhomedir config:type="boolean">false</mkhomedir> <nss_base_group></nss_base_group> <nss_base_passwd></nss_base_passwd> <nss_base_shadow></nss_base_shadow> <pam_password>exop</pam_password> <sssd config:type="boolean">true</sssd> <sssd_ldap_schema>rfc2307</sssd_ldap_schema> <start_autofs config:type="boolean">true</start_autofs> <start_ldap config:type="boolean">true</start_ldap> </ldap> <software> <image/> <instsource></instsource> <packages config:type="list"> <package>sssd</package> <package>krb5-client</package> <package>autofs</package> </packages> </software> </profile> ----------- When loading this profile again inside the Autoinstall module, the "Use Kerberos" checkbox is in **disabled** state. So, maybe there is a XML tag for this "Use Kerberos" checkbox missing? Or how does Yast decide if this checkbox is enabled or disabled? Reproducible: Always Steps to Reproduce: 1. Enable the "Use Kerberos" checkbox in "LDAP Client" -> "Advanced Settings" of the Autoinstall module 2. Save the XML profile 3. Restart Autoinstall module and load the XML Actual Results: The "Use Kerberos" checkbox will now be disabled! An installation using this profile will result in "auth_provider = ldap" instead of "auth_provider = krb5" in /etc/sssd.conf Expected Results: The "Use Kerberos" checkbox should stay enabled and "auth_provider = krb5" in /etc/sssd.conf -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.