When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called in the process which fails on unexisting IPA server 'join' method.
wget call had to be changed so that IPA client may get to the ipa-join step. --no-check-certificate had to be added as V1 server automatically redirects the request to self-signed secure connection. https://fedorahosted.org/freeipa/ticket/553
>From d3282093128b34158ceae6264cf4c53fd49130d0 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 3 Feb 2011 17:20:26 +0100 Subject: [PATCH] Detection of v1 server during ipa-client-install When v2 IPA client is trying to join an IPA v1 server a strange exception is printed out to the user. This patch detects this by catching an XML-RPC error reported by ipa-join binary called in the process which fails on unexisting IPA server 'join' method. wget call had to be changed so that IPA client may get to the ipa-join step. --no-check-certificate had to be added as V1 server automatically redirects the request to self-signed secure connection. https://fedorahosted.org/freeipa/ticket/553 --- ipa-client/ipa-install/ipa-client-install | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 66e4a14872bb5ccde98816fd30683e0d8500ac34..1800f28f7a3ea4daa512b8d1624ce3e5de12432d 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -630,7 +630,7 @@ def main(): pass try: - run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "http://%s/ipa/config/ca.crt"; % cli_server]) + run(["/usr/bin/wget", "-O", "/etc/ipa/ca.crt", "--no-check-certificate", "http://%s/ipa/config/ca.crt"; % cli_server]) except CalledProcessError, e: sys.exit('Retrieving CA from %s failed.\n%s' % (cli_server, str(e))) @@ -683,7 +683,11 @@ def main(): (stdout, stderr, returncode) = run(join_args, raiseonerr=False, env=env) if returncode != 0: - print >>sys.stderr, "Joining realm failed: %s" % stderr, + if returncode == 17: # XML-RPC fault - possible IPA v1/v2 incompatibility + print "Joining realm failed because of failing XML-RPC request." + print " This error may be caused by incompatible server/client major versions." + else: + print >>sys.stderr, "Joining realm failed: %s" % stderr, if not options.force: return 1 print " Use ipa-getkeytab to obtain a host principal for this server." -- 1.7.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
