Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install26
1 files changed, 24 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 7133cce04..67279b3ed 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1374,14 +1374,36 @@ def install(options, env, fstore, statestore):
os.environ['KRB5CCNAME'] = CCACHE_FILE
try:
- ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', 'host/%s' % hostname])
- api.Backend.xmlclient.connect()
+ ipautil.run(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', 'host/%s@%s' % (hostname, cli_realm)])
except CalledProcessError, e:
print >>sys.stderr, "Failed to obtain host TGT."
# fail to obtain ticket makes it impossible to login and bind from sssd to LDAP,
# abort installation and rollback changes
return CLIENT_INSTALL_ERROR
+ # Now, we have a TGT, lets try to connect to the server's XML-RPC interface
+ try:
+ api.Backend.xmlclient.connect()
+ except errors.KerberosError, e:
+ root_logger.debug('Cannot connect to the server due to Kerberos error: %s' % str(e))
+ root_logger.debug('Trying with delegate=True')
+ try:
+ api.Backend.xmlclient.connect(delegate=True)
+ root_logger.debug('Connection with delegate=True successful')
+
+ # The remote server is not capable of Kerberos S4U2Proxy delegation
+ # This features is implemented in IPA server version 2.2 and higher
+ print >>sys.stderr, "Target IPA server has a lower version that the enrolled client"
+ print >>sys.stderr, "Some capabilities including the ipa command capability may not be available"
+ except errors.PublicError, e2:
+ root_logger.debug('Second connect with delegate=True also failed: %s' % str(e2))
+ print >>sys.stderr, "Cannot connect to the IPA server XML-RPC interface: %s" % str(e2)
+ return CLIENT_INSTALL_ERROR
+ except errors.PublicError, e:
+ root_logger.debug('Cannot connect to the server due to generic error: %s' % str(e))
+ print >>sys.stderr, "Cannot connect to the IPA server XML-RPC interface: %s" % str(e)
+ return CLIENT_INSTALL_ERROR
+
if not options.on_master:
client_dns(cli_server, hostname, options.dns_updates)
configure_certmonger(fstore, subject_base, cli_realm, hostname, options)
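Review bot: The retry at `api.Backend.xmlclient.connect(delegate=True)` runs for any `errors.KerberosError`, not only for a server that lacks S4U2Proxy, so an unrelated Kerberos failure also retries with delegation switched on. As far as I know `delegate=True` forwards the host's TGT to the server, which is a wider grant than the first attempt, and the only record of that downgrade is at debug level. I would add a comment on the retry, `# delegate=True hands the host TGT to the server; needed only for servers older than 2.2`, and have the stderr warning say that credentials were delegated. The warning text also has a typo and should read `"Target IPA server has a lower version than the enrolled client"`. install() starts and ends outside this hunk.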