That being said, just tried again on an ubuntu 14.04 node with these same CLI params, and it failed, but the logs are complaining about "SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user", which never was reported in the ubuntu 16 system's logs.
Seems to mirror the bug/issue noted here: https://pagure.io/freeipa/issue/7072 I am still curious why one has to explicitly call out '--server' for the Ubuntu 16 system to join. I can also start a different thread for the Ubuntu 14 system debugging if need be, or can just continue here - your call. -Chris On 1/17/18 6:10 PM, Chris Moody via FreeIPA-users wrote: > Just attempted the '--server' option you mention, as well as the > '--domain' value that the parameter requires, and it actually SUCCEEDED > in joining! > > I received "Client configuration complete." via the ipa-client-install > command and was just able to successfully login to this node with a user > in IPA. > > Which is wonderful news.... however I'm still now wondering what > component might be failing or portion of autodiscovery perhaps > missing/b0rk3d that's necessitating the --server param to be explicitly > called. > > -Chris > > > On 1/17/18 5:30 PM, Chris Moody via FreeIPA-users wrote: >>> Might also be interesting to try to force a specific master by adding >>> --server <fqdn of master> to the install line, just to see. >>> >>> I'm guessing the client is old as it doesn't appear to support the >>> newer-style ipa-getkeytab: > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org