Thanks for the super fast reply! I'll do my best to reply in-line, but I'm bound to outlook, which doesn't like it too much.
>> Hi all! >> >> I'm working on updating my freeipa server from rocky 8 to 9. I'm playing >> around with a virtual machines as playground server and client, since I'd >> rather not break my everything right away. As part of this, I first >> installed ipa-server version 4.10.2-8.el9_3 on the server. Then I did an >> ipa-restore with a backup from my production ipa server (rocky 8, >> 4.9.12-11.module+el8.9.0+1652+4ee71f6a), followed by an ipa-server-upgrade. >> All is well so far (I think). > I don't know how you achieved this. ipa-restore attempts to prevent > using restore as a backdoor upgrade mechanism. It didn't complain /too/ much honestly. It saw the version mismatch between the backup and the installed server, asked for a "yes", and then happily went on its way. Is there a better way to achieve what I want/need? >> The client is running Debian bookworm with backports, where the latest >> ipa-client version is 4.9.11-1. Then, I went with the usual >> ipa-client-install --no-ntp, which fails with "Joining realm failed: Failed >> to parse result: PrincipalName not found." after retrieving the CA cert. >> The logs don't tell me much more, but the --debug flag does. It negotiates a >> JSON-RPC response, in which it says '{... "principal": "ad...@example.com", >> ...}'. I note that principal != PrincipalName. Also note, that on the >> server, the host /is/ added. >> >> So I guess my question is: how much version skew between server and client >> is supported? > Plenty. There isn't much to client enrollment and the API hasn't changed > significantly in a long time. Ok. Is there any other place I can look for what's going wrong? > rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue