Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1118725
Description of problem: # ipa-client-install WARNING: ntpd time&date synchronization service will not be configured as conflicting service (chronyd) is enabled Use --force-ntpd option to disable it and force configuration of ntpd DNS domain 'virt' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: rawhide.1.virt Realm: VIRT DNS Domain: 1.virt IPA Server: fedora20.1.virt BaseDN: dc=virt Continue to configure the system with these values? [no]: yes Synchronizing time with KDC... Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened. User authorized to enroll computers: admin Password for admin@VIRT: Successfully retrieved CA cert Subject: CN=Certificate Authority,O=VIRT Issuer: CN=Certificate Authority,O=VIRT Valid From: Fri Jul 11 10:45:57 2014 UTC Valid Until: Tue Jul 11 10:45:57 2034 UTC Joining realm failed: Failed to parse result! unsupported extended operation Failed to get keytab child exited with 9 Installation failed. Rolling back changes. IPA client is not configured on this system. Version-Release number of selected component (if applicable): freeipa-server-3.3.5-1.fc20.x86_64 freeipa-client-4.0.0-1.fc21.x86_64 Steps to Reproduce: 1. run ipa-server-install on fedora20.1.virt 2. use basic simple setup with dns 3. run ipa-client-install on rawhide.1.virt Actual results: Expected results: Additional info:
This reproduces pretty easily and it prevents FreeIPA 4.0.0 clients to join older servers. Simo or Nathaniel, could either of you please check this one as soon as possible?
Nathaniel is working on implementation, Alexander on a review. This should be fixed asap.
https://www.redhat.com/archives/freeipa-devel/2014-July/msg00368.html
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @mkosek: - Issue assigned to npmccallum - Issue set to the milestone: FreeIPA 4.0.1
Log in to comment on this ticket.