Charlie Derwent wrote:



On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>> wrote:

    Charlie Derwent wrote:

        Hi

        I'm running FreeIPA server on F14 and connecting to a F14
        client. When I
        run ipa-client-install (via kickstart or after the client has
        installed)
        I'm getting the following error message.

        root        : DEBUG
        root        : ERROR    LDAP Error: Connect error: Start TLS request
        accepted. Server willing to negotiate SSL
        Failed to verify that ipa.test.net <http://ipa.test.net>
        <http://ipa.test.net> is an IPA server

        This may mean that the remote server is not up or is not
        reachable due
        to network or firewall settings


    What version of IPA are you running on the client and server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit

How are you invoking ipa-client-install? The error message looks a bit odd and I'm not sure if it is a mail client mucking it up or something else (the addition of http://ipa.test.net)

rob


    Can you check the 389-ds access log to see if you can see the
    connection and any errors reported with it?

  Nothing in the access.log on the server.




        The ipa server is definately up and running, it's still
        authenticating
        other servers in the network and when I rebuild the client with
        rhel or
        centos it can enroll (almost) without issue (see below).

        The second issue was this certmonger related bug where
        certmonger fails
        to start on new install
        (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
        <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
        resolved in
        Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


    Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
    restart messagebus after installing certmonger. Should be easy to do
    in a kickstart.


yeah got the "killall -HUP dbus-daemon" in there now.

Cheers
Charlie


    rob



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to