[Freeipa-users] ipa-client-install 2.58 client incompatible with 2.49 server

Will Sheldon mail at willsheldon.com
Fri Jan 3 01:04:40 UTC 2014 

Thanks guys.

For now I've just reverted the reported version while the install script
runs. It seems to work OK.


On Thu, Jan 2, 2014 at 9:06 AM, Martin Kosek <mkosek at redhat.com> wrote:

> On 12/28/2013 06:50 PM, Rob Crittenden wrote:
> > Will Sheldon wrote:
> >>
> >> Hello :)
> >>
> >> I'm trying to setup a ubuntu 12.04.3 client running freeipa-client
> >> 3.2.0-0ubuntu1~precise1 form the apt repo at
> >> http://ppa.launchpad.net/freeipa/ppa/ubuntu
> >> The server is a (fully updated) centos 6.5 box running ipa-server.x86_64
> >> 3.0.0-37.el6
> >>
> >> The script mostly works on a stock install, but there is an error
> >> uploading SSH keys, This appears to be called from the
> >> ipa-client-install script line 1436:
> >>
> >>          result = api.Command['host_mod'](unicode(hostname),
> >>
> >> Which generates the following output when run:
> >>
> >> stderr=
> >> Caught fault 901 from server https://ipa.[domain].com/ipa/xml: 2.58
> >> client incompatible with 2.49 server at u'https://ipa.
> [domain].com/ipa/xml'
> >> host_mod: 2.58 client incompatible with 2.49 server at
> >> u'https://ipa.[domain].com/ipa/xml'
> >> Failed to upload host SSH public keys.
> >>
> >> I understand that this is not a critical failure and that I can manually
> >> upload the host keys if needed but the bit I don't understand is where
> >> the version numbers come from.
> >
> > The API version is baked into the client and server. We generally
> provide a
> > backwards compatible server, but right now not the client (so a new
> client
> > can't always have 100% success talking to an old server). We are actually
> > working on this, especially for client enrollment, to make things work
> more
> > smoothly.
> >
> >> How do I revert the api to version 2.49 to match the server?
> >
> > You'd have to modify ipapython/version.py on each client before
> enrollment. For
> > enrollment I can't think of any side-effects, but if you ever tried the
> IPA
> > admin tool on such a client then some odd things could happen.
> >
> >> What is best practice here, should I be using a different source for the
> >> client install script?
> >
> > I don't know what is available for Debian/Ubuntu clients these days. It
> is
> > being worked on very hard though I think the focus is on the latest
> source
> > which explains the mismatch.
> >
> >> Is there a copy of the correct client files stashed on the server
> somewhere?
> >> Would anyone be interested in helping with development of a yum and apt
> >> repo on the server to make all this easier?
> >
> > The server being the IPA server, so it can distribute the client bits? An
> > interesting idea.
> >
> > rob
> >
>
> Note that this issue was fixed in FreeIPA version 3.3.2 (upstream ticket
> https://fedorahosted.org/freeipa/ticket/3931).
>
> Thus, when using FreeIPA client 3.3.2 and later, ipa-client-install will
> upload
> the SSH keys even to the older SSH server. No other changes required.
>
> HTH,
> Martin
>



-- 

Kind regards,

Will Sheldon
+1.(778)-689-4144
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140102/74ec891d/attachment.htm>

More information about the Freeipa-users mailing list