ipa-client-install: Verify RPC connection with a ping

With old servers, it is possible that xmlclient.connect() succeeds
but commands fail with a Kerberos error.

Verify that commands succeed by sending a ping after connecting.

Follow-up to: https://fedorahosted.org/freeipa/ticket/3931

1 files changed, 9 insertions, 0 deletions

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 11eedfad..01831663 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -2324,13 +2324,22 @@ def install(options, env, fstore, statestore):
         pass
 
     # Now, let's try to connect to the server's XML-RPC interface
+    connected = False
     try:
         api.Backend.xmlclient.connect()
+        connected = True
+        root_logger.debug('Try RPC connection')
+        api.Backend.xmlclient.forward('ping')
     except errors.KerberosError, e:
+        if connected:
+            api.Backend.xmlclient.disconnect()
         root_logger.info('Cannot connect to the server due to ' +
             'Kerberos error: %s. Trying with delegate=True', str(e))
         try:
             api.Backend.xmlclient.connect(delegate=True)
+            root_logger.debug('Try RPC connection')
+            api.Backend.xmlclient.forward('ping')
+
             root_logger.info('Connection with delegate=True successful')
 
             # The remote server is not capable of Kerberos S4U2Proxy delegation