That being said, just tried again on an ubuntu 14.04 node with these
same CLI params, and it failed, but the logs are complaining about
"SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user", which never was reported in the ubuntu 16
system's logs.

Seems to mirror the bug/issue noted here:

I am still curious why one has to explicitly call out '--server' for the
Ubuntu 16 system to join.

I can also start a different thread for the Ubuntu 14 system debugging
if need be, or can just continue here - your call.


On 1/17/18 6:10 PM, Chris Moody via FreeIPA-users wrote:
> Just attempted the '--server' option you mention, as well as the
> '--domain' value that the parameter requires, and it actually SUCCEEDED
> in joining!
> I received "Client configuration complete." via the ipa-client-install
> command and was just able to successfully login to this node with a user
> in IPA.
> Which is wonderful news.... however I'm still now wondering what
> component might be failing or portion of autodiscovery perhaps
> missing/b0rk3d that's necessitating the --server param to be explicitly
> called.
> -Chris
> On 1/17/18 5:30 PM, Chris Moody via FreeIPA-users wrote:
>>> Might also be interesting to try to force a specific master by adding
>>> --server <fqdn of master> to the install line, just to see.
>>> I'm guessing the client is old as it doesn't appear to support the
>>> newer-style ipa-getkeytab:
> _______________________________________________
> FreeIPA-users mailing list --
> To unsubscribe send an email to

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to