Kroon PC, Peter via FreeIPA-users wrote:
> Hi all!
>
> I'm working on updating my freeipa server from rocky 8 to 9. I'm playing
> around with virtual machines as playground server and client, since I'd
> rather not break my everything right away. As part of this, I first installed
> ipa-server version 4.10.2-8.el9_3 on the server. Then I did an ipa-restore
> with a backup from my production ipa server (rocky 8,
> 4.9.12-11.module+el8.9.0+1652+4ee71f6a), followed by an ipa-server-upgrade.
> All is well so far (I think).

I don't know how you achieved this. ipa-restore attempts to prevent using restore as a backdoor upgrade mechanism.

> The client is running Debian bookworm with backports, where the latest
> ipa-client version is 4.9.11-1. Then, I went with the usual
> ipa-client-install --no-ntp, which fails with "Joining realm failed: Failed
> to parse result: PrincipalName not found." after retrieving the CA cert.
> The logs don't tell me much more, but the --debug flag does. It negotiates a
> JSON-RPC response, in which it says '{... "principal": "ad...@example.com",
> ...}'. I note that principal != PrincipalName. Also note, that on the server,
> the host /is/ added.
>
> So I guess my question is: how much version skew between server and client is
> supported?

Plenty. There isn't much to client enrollment and the API hasn't changed significantly in a long time.

rob