From 1b2f6d7e8b066f7f2e158dd85ec3532fd083b608 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 19 Jul 2018 13:00:39 +0200
Subject: [PATCH] ipaclient: Set default_domain in krb5.conf in the same way as
 ipa-client-install

Set default_domain if not ipadiscovery.dnsok or not ipadiscovery.kdc like it
is done in ipa-client-install.
---
 roles/ipa-krb5/templates/krb5.conf.j2 | 2 +-
 roles/ipaclient/tasks/install.yml     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/ipa-krb5/templates/krb5.conf.j2 b/roles/ipa-krb5/templates/krb5.conf.j2
index a52e9548..a05c7829 100644
--- a/roles/ipa-krb5/templates/krb5.conf.j2
+++ b/roles/ipa-krb5/templates/krb5.conf.j2
@@ -22,7 +22,7 @@ includedir {{ krb5_include_d }}
     admin_server = {{ server }}:749
     kpasswd_server = {{ server }}:464
 {% endfor %}
-{% if krb5_no_default_domain | bool %}
+{% if krb5_default_domain | bool %}
     default_domain = {{ krb5_realm | lower }}
 {% endif %}
 {% if krb5_pkinit_anchors is defined %}
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 2ad4eb63..6b78cb94 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -198,7 +198,7 @@
       krb5_realm: "{{ ipadiscovery.realm }}"
       krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
       krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
-      krb5_no_default_domain: "{{ 'true' if ipadiscovery.domain != ipadiscovery.client_domain else 'false' }}"
+      krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
       krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
     when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version <= 40400
 
@@ -210,7 +210,7 @@
       krb5_realm: "{{ ipadiscovery.realm }}"
       krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
       krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
-      krb5_no_default_domain: "{{ 'true' if ipadiscovery.domain != ipadiscovery.client_domain else 'false' }}"
+      krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
       krb5_dns_canonicalize_hostname: "false"
       krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"
       krb5_pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
-- 
GitLab