Adding freeipa-users list back, so that others benefit from the discussion.

On 01/26/2016 07:47 PM, Izzo, Anthony wrote:
> The error I'm getting is that the option "raw" is invalid.  The dnsrecord-del 
> command includes a "--raw" switch on RHEL6, but not on RHEL7.  I am not using 
> the switch, but according to the debug output, RHEL6 is passing "raw" (as a 
> parameter with a value) unconditionally, with the value indicating whether 
> the flag was selected or not.  Since RHEL7 does not accept "raw", it fails.

Ah, I see. It looks like we broke forward compatibility of this command in
https://fedorahosted.org/freeipa/ticket/3503
I think dnsrecord-del should at least "eat" the options withour raising error.
CCing Martin Basti to eventually create ticket for it. Martin, can you think of
any workaround that Anthony could use, besides using nsupdate?

> I hadn't thought about using the nsupdate tool, I'll give that a shot.  
> Thanks.
> 
> Tony
> 
> -----Original Message-----
> From: Martin Kosek [mailto:mko...@redhat.com] 
> Sent: Tuesday, January 26, 2016 11:10 AM
> To: Izzo, Anthony (U.S. Person) <aizz...@harris.com>; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] ipa-admintools version incompatibility
> 
> On 01/26/2016 04:22 PM, Izzo, Anthony wrote:
>> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6).  
>> I am aware of the incompatibility between versions for ipa-admintools (in my 
>> case I'm trying to use ipa dnsrecord-del).  I was just wondering if there is 
>> a workaround that would allow me, from my 3.0 client, to delete a DNS PTR 
>> record on the 4.2 server, since I can't use the ipa dnsrecord-del command 
>> (the APIs are different, and the server responds that I've sent an invalid 
>> option).  Thanks.
> 
> That's strange, client should be forward compatible already:
> 
> http://www.freeipa.org/page/Client#IPA_management_tool
> 
> , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know 
> more if you send us the error.
> 
> Anyway, given you are only updating DNS, maybe you could just use standard 
> Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record?
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to