No, it's not the role, I'm using the command module

ipa-client-install -U -w {{ freeipa_temp_kerberos_password }} --mkhomedir --hostname {{ freeipa_client_hostname }} --ntp-server {{ ipaclient_ntp_servers }} --domain {{ ipaclient_domain }} --realm {{ ipaclient_realm }} --server {{ servername }}

On Thu, Apr 16, 2020 at 5:45 PM Rafael Jeffman <rjeff...@redhat.com> wrote:

> Hello,
>
> Is this using ansible-freeipa roles? If so, you'll need RHEL/CentOS 7.4+
> for it to work.
>
> Rafael
>
> On Thu, Apr 16, 2020 at 7:41 AM Faraz Younus via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
>> Hi Team,
>>
>> I'm trying to add a client with hostname abc.example.com on the FreeIPA
>> server (ipa1.idm.example.com) but on CentOS 7 it works fine.
>>
>> All ports are allowed and accessible from the client side.
>>
>> Can you please share what exactly the problem is and how it can be fixed?
>>
>>
>> TASK [Enroll host to FreeIPA]
>> **************************************************************************************************************************
>>
>> failed: [sherwin-centos6-test.example.com] (item=ipa1.idm.example.com)
>> => {"ansible_loop_var": "item", "changed": false, "cmd":
>> ["ipa-client-install", "-U", "-w", "8ekh0Y", "--mkhomedir", "--hostname", "
>> sherwin-centos6-test.example.com", "--ntp-server", "169.254.169.123",
>> "--domain", "idm.example.com", "--realm", "IDM.EXAMPLE.COM", "--server",
>> "ipa1.idm.example.com"], "delta": "0:00:00.202857", "end": "2020-04-16
>> 10:29:37.411081", "failed_when_result": true, "item": "
>> ipa1.idm.example.com", "msg": "non-zero return code", "rc": 1, "start":
>> "2020-04-16 10:29:37.208224", "stderr": "LDAP Error: Connect error: TLS
>> error -8172:Peer's certificate issuer has been marked as not trusted by the
>> user.\nLDAP Error: Connect error: TLS error -8172:Peer's certificate issuer
>> has been marked as not trusted by the user.\nFailed to verify that
>> ipa1.idm.example.com is an IPA Server.\nThis may mean that the remote
>> server is not up or is not reachable due to network or firewall
>> settings.\nPlease make sure the following ports are opened in the firewall
>> settings:\n TCP: 80, 88, 389\n UDP: 88 (at least one of TCP/UDP
>> ports 88 has to be open)\nAlso note that following ports are necessary for
>> ipa-client working properly after enrollment:\n TCP: 464\n UDP:
>> 464, 123 (if NTP enabled)\nInstallation failed. Rolling back changes.\nIPA
>> client is not configured on this system.", "stderr_lines": ["LDAP Error:
>> Connect error: TLS error -8172:Peer's certificate issuer has been marked as
>> not trusted by the user.", "LDAP Error: Connect error: TLS error
>> -8172:Peer's certificate issuer has been marked as not trusted by the
>> user.", "Failed to verify that ipa1.idm.example.com is an IPA Server.",
>> "This may mean that the remote server is not up or is not reachable due to
>> network or firewall settings.", "Please make sure the following ports are
>> opened in the firewall settings:", " TCP: 80, 88, 389", " UDP:
>> 88 (at least one of TCP/UDP ports 88 has to be open)", "Also note that
>> following ports are necessary for ipa-client working properly after
>> enrollment:", " TCP: 464", " UDP: 464, 123 (if NTP enabled)",
>> "Installation failed. Rolling back changes.", "IPA client is not configured
>> on this system."], "stdout": "\u001b[?1034h", "stdout_lines":
>> ["\u001b[?1034h"]}
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>
>
>
> --
> Rafael Guterres Jeffman
> Senior Software Engineer
> FreeIPA - Red Hat