On 05/01/2012 06:15 PM, Steven Jones wrote: > So this opens a chicken and egg? > > ie when RHEL6.3 comes out and I upgrade the IPA server(s) to 6.3 all the > older 6.2 clients will break? but I cant upgrade the clients until after the > servers are done....if so that is a huge and ugly looking task that is one > way..... >
Yes this is a serious problem. Thank you for uncovering it. Current plan is to: provide a fix for the older clients to be able to connect to 2.2 via errata. Make sure that the 2.2 client can connect to the 2.1 server. Thanks Dmitri > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: Rob Crittenden [[email protected]] > Sent: Wednesday, 2 May 2012 1:19 a.m. > To: Steven Jones > Cc: [email protected] > Subject: Re: [Freeipa-users] ipa-client install error > > Steven Jones wrote: >> I made a slight oops, I just upgraded a long un-used vm on my desktop from >> 6.2beta to 6.3beta instead of 6.2 by mistake. Anyway since our satellite is >> down I cant correct this so I tried to add the 6.3beta client to IPA on 6.2 >> and I get an error. >> >> ============== >> [root@rhel664ws01 ~]# ipa-client-install --mkhomedir >> Discovery was successful! >> Hostname: rhel664ws01.ods.vuw.ac.nz >> Realm: ODS.VUW.AC.NZ >> DNS Domain: ods.vuw.ac.nz >> IPA Server: vuwunicoipam002.ods.vuw.ac.nz >> BaseDN: dc=ods,dc=vuw,dc=ac,dc=nz >> >> >> Continue to configure the system with these values? [no]: yes >> User authorized to enroll computers: admjonesst1 >> Synchronizing time with KDC... >> Unable to sync time with IPA NTP server, assuming the time is in sync. >> Password for [email protected]: >> >> Enrolled in IPA realm ODS.VUW.AC.NZ >> Created /etc/ipa/default.conf >> Unable to activate the SSH service in SSSD config. >> Please make sure you have SSSD built with SSH support installed. >> Configure SSH support manually in /etc/sssd/sssd.conf. >> Configured /etc/sssd/sssd.conf >> Configured /etc/krb5.conf for IPA realm ODS.VUW.AC.NZ >> Traceback (most recent call last): >> File "/usr/sbin/ipa-client-install", line 1534, in<module> >> sys.exit(main()) >> File "/usr/sbin/ipa-client-install", line 1521, in main >> rval = install(options, env, fstore, statestore) >> File "/usr/sbin/ipa-client-install", line 1358, in install >> api.Backend.xmlclient.connect() >> File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in >> connect >> conn = self.create_connection(*args, **kw) >> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in >> create_connection >> raise errors.KerberosError(major=str(krberr), minor='') >> ipalib.errors.KerberosError: Kerberos error: did not receive Kerberos >> credentials/ >> [root@rhel664ws01 ~]# >> =========== >> >> Is this expected when trying to connect 6.3beta? ie its simply not >> compatible? >> > The newer 2.2 client cannot connect to an older 2.1 server because it > isn't going to send the TGT that the 2.1 server requires. We should > handle this better, I've opened a ticket to track this: > https://fedorahosted.org/freeipa/ticket/2697 > > rob > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
