On 23 April 2018 at 17:00, Alexander Bokovoy <abokovoy@redhat.com> wrote:On ma, 23 huhti 2018, Lachlan Musicman via FreeIPA-users wrote:
Am I making hard work of something that is relatively straight forward andNot really answering your question but did you actually look at
solved elsewhere but I've missed?
Ansible has "ignore_errors: True" available, but I feel that is a weak get
out of jail free card. Given that this is authentication and authorization,
errors shouldn't be ignored (opinion).
https://github.com/freeipa/ansible-freeipa instead of creating new ones?Initial impression: it's a very smooth process using the Ansible scripts. Unfortunately I can reproducibly not login when using it. If ipa-client-install manually I can login.I will have to work through the install-client playbook line by line - there's a lot in the playbook I don't recognise as part of the process. Also, I'm on CentOS which isn't officially supported.But it does install ipa-client very easily.I should clarify. The client seems to install successfully. From the client I can `id user@domain` and get the results I'm looking for. But actual login fails. I tried debug_level = 7 and debug_level = 9 but there were no errors thrown or obvious failures?