Bug 1082590

Summary: ipa-client-automount fails with "This client is incompatible" when registerd with an older IPA server
Product: Red Hat Enterprise Linux 6 Reporter: Ron van der Wees <rvdwees>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: cww, dpal, pviktori, rcritten, rmainz
Target Milestone: rcKeywords: EasyFix, Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ipa-3.0.0-38.el6 Doc Type: Bug Fix
Doc Text:
Cause: ipa-client-automount used the RPC interface to validate the automount location. The RPC interface only allows clients that are older, or the same version, as the server Consequence: Running ipa-client-automount with a client whose IPA version is newer than the server's would result in the error, "This client is incompatible". Fix: The call in ipa-client-automount now reports a fixed API version in the RPC call. Result: ipa-client-automount now runs successfully when the client's version is newer than the server's.
 Story Points: ---
Clone Of:
: 1083108 (view as bug list) Environment:
Last Closed: 2014-10-14 07:32:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 994246, 1083108    

Description Ron van der Wees 2014-03-31 12:17:55 UTC 
Description of problem:
The ipa-client on a RHEL6.5 server fails to enable autofs when the IPA server is (slightly) older (i.e. RHEL6.4).

Version-Release number of selected component (if applicable):
ipa-client-3.0.0-37.el6.x86_64


How reproducible:
Always

Steps to Reproduce:
1. install and configure IPA server on RHEL6.4
2. install and configure IPA client on RHEL6.5 with: ipa-client-install
3. try to enable autofs with: ipa-client-automount

Actual results:
# ipa-client-automount
Searching for IPA server...
IPA server: [u'ipa.example.com']
Location: default
This client is incompatible: 2.49 client incompatible with 2.46 server at u'https://ipa.example.com/ipa/xml'


Expected results:
# ipa-client-automount
Searching for IPA server...
IPA server: ipa.example.com
Location: default
Continue to configure the system with these values? [no]: yes
Configured /etc/nsswitch.conf
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started rpcidmapd
Started rpcgssd
Restarting sssd, waiting for it to become available.
Started autofs


Additional info:
Configuring the basis of ipa-client on RHEL6.5 against a RHEL6.4 IPA server
works ok.
This is not a technical issue of autofs or SSSD since it will work when
configured manually. Even more, a 6.4 client updated to 6.5 will continue to
work as well.
Comment 1 Ron van der Wees 2014-03-31 12:22:50 UTC 
The code responsible for this error msg:

/usr/sbin/ipa-client-automount:
435         try:
436             api.Command['automountlocation_show'](unicode(options.location))
437         except errors.VersionError, e:
438             sys.exit('This client is incompatible: ' + str(e))
Comment 2 Martin Kosek 2014-03-31 13:28:00 UTC 
This is a follow up for Bug 1009024 (fixes the same issue in ipa-client-install), I asked Ron to file this bug so that we can also fix ipa-client-automount.
Comment 4 Martin Kosek 2014-03-31 14:42:40 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4290
Comment 7 Martin Kosek 2014-04-02 06:49:11 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/66fb4d5e849a049e95d3ef4fcf2b86217488634d
ipa-3-3:
https://fedorahosted.org/freeipa/changeset/ee2fac9bee6728facfa4525b8f97585f7030a14c
Comment 10 Michael Gregg 2014-07-17 23:40:56 UTC 
Verified on:

Server is a 6.4 server
ipa-server-3.0.0-25.el6.i686
Client is on 6.6
ipa-client-3.0.0-42.el6.i686

Client install:

[root@nu5 ~]#  /usr/sbin/ipa-client-install -U --domain=testrelm.test --realm=TESTRELM.TEST -p admin -w <pw> --server=delta.testrelm.test
Hostname: nu5.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: delta.testrelm.test
BaseDN: dc=testrelm,dc=test

Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Enrolled in IPA realm TESTRELM.TEST
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm TESTRELM.TEST
trying https://delta.testrelm.test/ipa/xml
Forwarding 'env' to server u'https://delta.testrelm.test/ipa/xml'
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://delta.testrelm.test/ipa/xml'
host_mod: Unknown option: no_members
Failed to upload host SSH public keys.
SSSD enabled
Configuring testrelm.test as NIS domain
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.

Autofs setup:
[root@nu5 ~]# ipa-client-automount
Searching for IPA server...
IPA server: DNS discovery
Location: default
Continue to configure the system with these values? [no]: yes
Configured /etc/nsswitch.conf
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started rpcidmapd
Started rpcgssd
Restarting sssd, waiting for it to become available.
Started autofs
Comment 11 errata-xmlrpc 2014-10-14 07:32:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1383.html