[Freeipa-users] ipa-admintools version incompatibility

Martin Basti mbasti at redhat.com
Wed Jan 27 10:13:16 UTC 2016 


On 27.01.2016 08:30, Martin Kosek wrote:
> Adding freeipa-users list back, so that others benefit from the discussion.
>
> On 01/26/2016 07:47 PM, Izzo, Anthony wrote:
>> The error I'm getting is that the option "raw" is invalid.  The dnsrecord-del command includes a "--raw" switch on RHEL6, but not on RHEL7.  I am not using the switch, but according to the debug output, RHEL6 is passing "raw" (as a parameter with a value) unconditionally, with the value indicating whether the flag was selected or not.  Since RHEL7 does not accept "raw", it fails.
> Ah, I see. It looks like we broke forward compatibility of this command in
> https://fedorahosted.org/freeipa/ticket/3503
> I think dnsrecord-del should at least "eat" the options withour raising error.
> CCing Martin Basti to eventually create ticket for it. Martin, can you think of
> any workaround that Anthony could use, besides using nsupdate?
I'm not aware of any workaround on that particular client side

Ticket filed: https://fedorahosted.org/freeipa/ticket/5644

Is there any issue that prevents you to use WebUI to remove dnsrecord, 
or calling dnsrecord-del on RHEL7 machine (or directly on server)?

Martin^2
>
>> I hadn't thought about using the nsupdate tool, I'll give that a shot.  Thanks.
>>
>> Tony
>>
>> -----Original Message-----
>> From: Martin Kosek [mailto:mkosek at redhat.com]
>> Sent: Tuesday, January 26, 2016 11:10 AM
>> To: Izzo, Anthony (U.S. Person) <aizzo01 at harris.com>; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] ipa-admintools version incompatibility
>>
>> On 01/26/2016 04:22 PM, Izzo, Anthony wrote:
>>> I have a FreeIPA 4.2 server (on RHEL7) and a FreeIPA 3.0 client (on RHEL6).  I am aware of the incompatibility between versions for ipa-admintools (in my case I'm trying to use ipa dnsrecord-del).  I was just wondering if there is a workaround that would allow me, from my 3.0 client, to delete a DNS PTR record on the 4.2 server, since I can't use the ipa dnsrecord-del command (the APIs are different, and the server responds that I've sent an invalid option).  Thanks.
>> That's strange, client should be forward compatible already:
>>
>> http://www.freeipa.org/page/Client#IPA_management_tool
>>
>> , i.e. RHEL-6 clients should be able to update RHEL-7 servers. We would know more if you send us the error.
>>
>> Anyway, given you are only updating DNS, maybe you could just use standard Kerberos-authenticated DNS update (nsupdate tool), to delete that PTR record?
>>

More information about the Freeipa-users mailing list