On 12/28/2013 06:50 PM, Rob Crittenden wrote:
> Will Sheldon wrote:
>>
>> Hello :)
>>
>> I'm trying to setup a ubuntu 12.04.3 client running freeipa-client
>> 3.2.0-0ubuntu1~precise1 form the apt repo at
>> http://ppa.launchpad.net/freeipa/ppa/ubuntu
>> The server is a (fully updated) centos 6.5 box running ipa-server.x86_64
>> 3.0.0-37.el6
>>
>> The script mostly works on a stock install, but there is an error
>> uploading SSH keys, This appears to be called from the
>> ipa-client-install script line 1436:
>>
>>          result = api.Command['host_mod'](unicode(hostname),
>>
>> Which generates the following output when run:
>>
>> stderr=
>> Caught fault 901 from server https://ipa.[domain].com/ipa/xml: 2.58
>> client incompatible with 2.49 server at u'https://ipa.[domain].com/ipa/xml'
>> host_mod: 2.58 client incompatible with 2.49 server at
>> u'https://ipa.[domain].com/ipa/xml'
>> Failed to upload host SSH public keys.
>>
>> I understand that this is not a critical failure and that I can manually
>> upload the host keys if needed but the bit I don't understand is where
>> the version numbers come from.
> 
> The API version is baked into the client and server. We generally provide a
> backwards compatible server, but right now not the client (so a new client
> can't always have 100% success talking to an old server). We are actually
> working on this, especially for client enrollment, to make things work more
> smoothly.
> 
>> How do I revert the api to version 2.49 to match the server?
> 
> You'd have to modify ipapython/version.py on each client before enrollment. 
> For
> enrollment I can't think of any side-effects, but if you ever tried the IPA
> admin tool on such a client then some odd things could happen.
> 
>> What is best practice here, should I be using a different source for the
>> client install script?
> 
> I don't know what is available for Debian/Ubuntu clients these days. It is
> being worked on very hard though I think the focus is on the latest source
> which explains the mismatch.
> 
>> Is there a copy of the correct client files stashed on the server somewhere?
>> Would anyone be interested in helping with development of a yum and apt
>> repo on the server to make all this easier?
> 
> The server being the IPA server, so it can distribute the client bits? An
> interesting idea.
> 
> rob
> 

Note that this issue was fixed in FreeIPA version 3.3.2 (upstream ticket
https://fedorahosted.org/freeipa/ticket/3931).

Thus, when using FreeIPA client 3.3.2 and later, ipa-client-install will upload
the SSH keys even to the older SSH server. No other changes required.

HTH,
Martin

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to