No its not the role , i'm using command module
ipa-client-install -U -w {{ freeipa_temp_kerberos_password }} --mkhomedir
--hostname {{ freeipa_client_hostname }} --ntp-server {{
ipaclient_ntp_servers }} --domain {{ ipaclient_domain }} --realm {{
ipaclient_realm }} --server {{ servername }}"
On Thu, Apr 16, 2020 at 5:45 PM Rafael Jeffman <rjeff...@redhat.com> wrote:
> Hello,
>
> Is this using ansible-freeipa roles? If so, you'll need RHEL/CentOS 7.4+
> for it to work.
>
> Rafael
>
> On Thu, Apr 16, 2020 at 7:41 AM Faraz Younus via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
>> Hi Team,
>>
>> I'm trying to add client with hostname abc.example.com on freeip server(
>> ipa1.idm.example.com) but on centos 7 it works fine.
>>
>> All ports are allowed and accessible from client side
>>
>> Can you please share what the exactly problem is and how it can be fixed ?
>>
>>
>> TASK [Enroll host to FreeIPA]
>> **************************************************************************************************************************
>>
>> failed: [sherwin-centos6-test.example.com] (item=ipa1.idm.example.com)
>> => {"ansible_loop_var": "item", "changed": false, "cmd":
>> ["ipa-client-install", "-U", "-w", "8ekh0Y", "--mkhomedir", "--hostname", "
>> sherwin-centos6-test.example.com", "--ntp-server", "169.254.169.123",
>> "--domain", "idm.example.com", "--realm", "IDM.EXAMPLE.COM", "--server",
>> "ipa1.idm.example.com"], "delta": "0:00:00.202857", "end": "2020-04-16
>> 10:29:37.411081", "failed_when_result": true, "item": "
>> ipa1.idm.example.com", "msg": "non-zero return code", "rc": 1, "start":
>> "2020-04-16 10:29:37.208224", "stderr": "LDAP Error: Connect error: TLS
>> error -8172:Peer's certificate issuer has been marked as not trusted by the
>> user.\nLDAP Error: Connect error: TLS error -8172:Peer's certificate issuer
>> has been marked as not trusted by the user.\nFailed to verify that
>> ipa1.idm.example.com is an IPA Server.\nThis may mean that the remote
>> server is not up or is not reachable due to network or firewall
>> settings.\nPlease make sure the following ports are opened in the firewall
>> settings:\n TCP: 80, 88, 389\n UDP: 88 (at least one of TCP/UDP
>> ports 88 has to be open)\nAlso note that following ports are necessary for
>> ipa-client working properly after enrollment:\n TCP: 464\n UDP:
>> 464, 123 (if NTP enabled)\nInstallation failed. Rolling back changes.\nIPA
>> client is not configured on this system.", "stderr_lines": ["LDAP Error:
>> Connect error: TLS error -8172:Peer's certificate issuer has been marked as
>> not trusted by the user.", "LDAP Error: Connect error: TLS error
>> -8172:Peer's certificate issuer has been marked as not trusted by the
>> user.", "Failed to verify that ipa1.idm.example.com is an IPA Server.",
>> "This may mean that the remote server is not up or is not reachable due to
>> network or firewall settings.", "Please make sure the following ports are
>> opened in the firewall settings:", " TCP: 80, 88, 389", " UDP:
>> 88 (at least one of TCP/UDP ports 88 has to be open)", "Also note that
>> following ports are necessary for ipa-client working properly after
>> enrollment:", " TCP: 464", " UDP: 464, 123 (if NTP enabled)",
>> "Installation failed. Rolling back changes.", "IPA client is not configured
>> on this system."], "stdout": "\u001b[?1034h", "stdout_lines":
>> ["\u001b[?1034h"]}
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>
>
>
> --
> Rafael Guterres Jeffman
> Senior Software Engineer
> FreeIPA - Red Hat
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
