Re-enrolling a client (and possibly adding a password using host-mod once a host is created) results in a client that cannot be enrolled.
I reproduced this with:
- ipa host-add --random test.example.com
- on test.example.com: ipa-client-install -w <password>
- on test.example.com: ipa-client-install --uninstall
- ipa host-mod --random test.example.com
- on test.example.com: ipa-client-install -w <password>

Joining realm failed: principal not found in host entry
Certificate subject base is: O=EXAMPLE.COM
A user in IRC reported the problem using the web UI. He did this:
- created host in webUI
- set the OTP
- tried to enroll
https://bugzilla.redhat.com/show_bug.cgi?id=714799
Setting a password (either --random or --password) sets krblastpwdchange, which we use as a rough way to tell whether a keytab has been created.
attachment freeipa-rcrit-810-enroll.patch
master: a00b038
ipa-2-0: 6fd15fe
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/07