[Freeipa-users] ipa-client install error
Rob Crittenden
rcritten at redhat.com
Tue May 1 13:19:39 UTC 2012
Steven Jones wrote:
> I made a slight oops, I just upgraded a long un-used vm on my desktop from 6.2beta to 6.3beta instead of 6.2 by mistake. Anyway since our satellite is down I cant correct this so I tried to add the 6.3beta client to IPA on 6.2 and I get an error.
>
> ==============
> [root at rhel664ws01 ~]# ipa-client-install --mkhomedir
> Discovery was successful!
> Hostname: rhel664ws01.ods.vuw.ac.nz
> Realm: ODS.VUW.AC.NZ
> DNS Domain: ods.vuw.ac.nz
> IPA Server: vuwunicoipam002.ods.vuw.ac.nz
> BaseDN: dc=ods,dc=vuw,dc=ac,dc=nz
>
>
> Continue to configure the system with these values? [no]: yes
> User authorized to enroll computers: admjonesst1
> Synchronizing time with KDC...
> Unable to sync time with IPA NTP server, assuming the time is in sync.
> Password for admjonesst1 at ODS.VUW.AC.NZ:
>
> Enrolled in IPA realm ODS.VUW.AC.NZ
> Created /etc/ipa/default.conf
> Unable to activate the SSH service in SSSD config.
> Please make sure you have SSSD built with SSH support installed.
> Configure SSH support manually in /etc/sssd/sssd.conf.
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm ODS.VUW.AC.NZ
> Traceback (most recent call last):
> File "/usr/sbin/ipa-client-install", line 1534, in<module>
> sys.exit(main())
> File "/usr/sbin/ipa-client-install", line 1521, in main
> rval = install(options, env, fstore, statestore)
> File "/usr/sbin/ipa-client-install", line 1358, in install
> api.Backend.xmlclient.connect()
> File "/usr/lib/python2.6/site-packages/ipalib/backend.py", line 63, in connect
> conn = self.create_connection(*args, **kw)
> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 410, in create_connection
> raise errors.KerberosError(major=str(krberr), minor='')
> ipalib.errors.KerberosError: Kerberos error: did not receive Kerberos credentials/
> [root at rhel664ws01 ~]#
> ===========
>
> Is this expected when trying to connect 6.3beta? ie its simply not compatible?
>
The newer 2.2 client cannot connect to an older 2.1 server because it
isn't going to send the TGT that the 2.1 server requires. We should
handle this better, I've opened a ticket to track this:
https://fedorahosted.org/freeipa/ticket/2697
rob
More information about the Freeipa-users
mailing list