Hello,
we are using SSSD along with Kerberos in our institute.
Unfortunately, the XML created via AutoYast seems to forget the "Use
Kerberos" checkbox configured under "LDAP client" > "Advanced Settings".
Hence, when the XML file is used for auto installation, the "Use
Kerberos" setting is not applied and the /etc/sssd/sssd.conf does not
set "auth_provider = krb5" but instead "auth_provider = ldap".
Please see this XML file created with the Yast Autoinstall module on
OS12.2 with the "Use Kerberos" checkbox **enabled**:
-----------
<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns"
xmlns:config="http://www.suse.com/1.0/configns">
false
<ldap>
ou=ldapconfig,ou=users,dc=some
false
false
kerberos.server.com
KERBEROS.REALM
ou=users,dc=some
ldap.server.com
true
true
member
<mkhomedir config:type="boolean">false</mkhomedir>
exop
<sssd config:type="boolean">true</sssd>
rfc2307
true
true
</ldap>
<software>
<image/>
<instsource></instsource>
<packages config:type="list">
<package>sssd</package>
<package>krb5-client</package>
<package>autofs</package>
</packages>
</software>
</profile>
-----------
When loading this profile again inside the Autoinstall module, the "Use
Kerberos" checkbox is **disabled**.
You can also manually reproduce by enabling the checkbox in the
Autoinstall module, saving an XML, restarting the module and loading the
XML. The checkbox will now be disabled!
So, maybe there is a XML tag for this "Use Kerberos" checkbox missing?
Or how does Yast decide if this checkbox is enabled or disabled?
Also note, on 12.2 the "Apply to System" button in the Autoinstall
module does not work for me. I get asked for a confirmation, but then
nothing happens. I need to click "File" > "Apply Profile to this System"
and then it works after confirmation! But I just noticed that right now,...
Best regards,
Joschi Brauchle
--
Dipl.-Ing. Joschi Brauchle, M.S.
Institute for Communications Engineering (LNT)
Technische Universitaet Muenchen (TUM)
80290 Munich, Germany
Tel (work): +49 89 289-23474
Fax (work): +49 89 289-23490
E-mail: joschi.brauchle@tum.de
Web: http://www.lnt.ei.tum.de/