[Freeipa-users] ipa client install
Rob Crittenden
rcritten at redhat.com
Tue Mar 22 13:44:18 UTC 2011
Uzor Ide wrote:
> Hi
>
> Is there a requirement for the same version of client as the server.
> I've just install freeipa server version 2.0 rc3. While on the client
> side, I have a previously installed client version 2.0 beta1. It would
> not join the realm. I had run the client install script to remove the
> client from the another 2.0 beta1 server.
> But when I try to run against the new server, to join the server version
> 2.0 rc3 realm, the discovery goes on smoothly after which I get the
> following
>
>
> Continue to configure the system with these values? [no]: yes
>
> Joining realm failed: Operation failed! unsupported extended operation
> child exited with 9
> Certificate subject base is: o=uzdomainco
>
> The client's kerberos keytab is not update and non of the config files
> are update.
> However when you use the command ipa host-find on the server the host is
> listed.
>
> Any ideas what the issue would be?
>
> thanks
>
> ide
A change was made in 2.0rc2 in the release that made pre rc2 clients
unable to join rc2 and beyond servers. We changed the LDAP extended
operation OID used for doing online enrollment and retrieving keytabs
which is why the older clients now fail (we had inadvertently used them
in more than one place).
You should be able to just upgrade the client rpm and enrollment will work.
rob
More information about the Freeipa-users
mailing list