Steven Jones wrote:
So this opens a chicken and egg?
ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the older
6.2 clients will break? but I cant upgrade the clients until after the servers
are done....if so that is a huge and ugly looking task that is one way....
No, that's not the problem at all. Enrolled clients will work as
expected. New 6.3 clients can enroll with a 6.3 server. Based on the log
it looks like a 6.3 client can't enroll with a 6.2 server but I'm still
investigating. We'll fix it if needed.
rob
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: Rob Crittenden [[email protected]]
Sent: Wednesday, 2 May 2012 1:19 a.m.
To: Steven Jones
Cc: [email protected]
Subject: Re: [Freeipa-users] ipa-client install error
Steven Jones wrote:
I made a slight oops, I just upgraded a long un-used vm on my desktop from
6.2beta to 6.3beta instead of 6.2 by mistake. Anyway since our satellite is
down I cant correct this so I tried to add the 6.3beta client to IPA on 6.2 and
I get an error.
==============
[root@rhel664ws01 ~]# ipa-client-install --mkhomedir
Discovery was successful!
Hostname: rhel664ws01.ods.vuw.ac.nz
Realm: ODS.VUW.AC.NZ
DNS Domain: ods.vuw.ac.nz
IPA Server: vuwunicoipam002.ods.vuw.ac.nz
BaseDN: dc=ods,dc=vuw,dc=ac,dc=nz
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admjonesst1
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync.
Password for [email protected]:
Enrolled in IPA realm ODS.VUW.AC.NZ
Created /etc/ipa/default.conf
Unable to activate the SSH service in SSSD config.
Please make sure you have SSSD built with SSH support installed.
Configure SSH support manually in /etc/sssd/sssd.conf.
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm ODS.VUW.AC.NZ
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1534, in<module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1521, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1358, in install
api.Backend.xmlclient.connect()
File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in
connect
conn = self.create_connection(*args, **kw)
File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in
create_connection
raise errors.KerberosError(major=str(krberr), minor='')
ipalib.errors.KerberosError: Kerberos error: did not receive Kerberos
credentials/
[root@rhel664ws01 ~]#
===========
Is this expected when trying to connect 6.3beta? ie its simply not compatible?
The newer 2.2 client cannot connect to an older 2.1 server because it
isn't going to send the TGT that the 2.1 server requires. We should
handle this better, I've opened a ticket to track this:
https://fedorahosted.org/freeipa/ticket/2697
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
