On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Charlie Derwent wrote: > >> >> >> On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcrit...@redhat.com >> <mailto:rcrit...@redhat.com>> wrote: >> >> Charlie Derwent wrote: >> >> Hi >> >> I'm running FreeIPA server on F14 and connecting to a F14 >> client. When I >> run ipa-client-install (via kickstart or after the client has >> installed) >> I'm getting the following error message. >> >> root : DEBUG >> root : ERROR LDAP Error: Connect error: Start TLS request >> accepted. Server willing to negotiate SSL >> Failed to verify that ipa.test.net <http://ipa.test.net> >> <http://ipa.test.net> is an IPA server >> >> This may mean that the remote server is not up or is not >> reachable due >> to network or firewall settings >> >> >> What version of IPA are you running on the client and server? >> >> Server is running 2.0.0.rc3-0 >> F14 Client is running 2.0.0.rc3-0 >> RHEL 5.6 Clients are running 2.0-10.el5_6.1 >> All the boxes are 64-bit >> > > How are you invoking ipa-client-install? The error message looks a bit odd > and I'm not sure if it is a mail client mucking it up or something else (the > addition of http://ipa.test.net) > > rob > > Yeah thats a mail client quirk there was only one http://ipa.test.net in my original email. I'm getting the same error if I run "ipa-client-install" with no switches or "ipa-client-install --server=ipa.test.net --domain=test.net --realm=TEST.NET<http://test.net/>etc..". there are other switches I have in my kickstart scripts but I'm not at the lab right now so I couldn't tell you what they are, suffice to say I'm connecting without any issue if I rekick a rhel or centos build on the exact same server. The really weird thing is I have an older box I built to F14 a few weeks ago and that's been connected for weeks with the exact same client rpm, I just hope I don't have to rebuild it! Is there anyway to check if the dependencies between the two builds vary? Charlie > > > >> Can you check the 389-ds access log to see if you can see the >> connection and any errors reported with it? >> >> Nothing in the access.log on the server. >> >> >> >> >> The ipa server is definately up and running, it's still >> authenticating >> other servers in the network and when I rebuild the client with >> rhel or >> centos it can enroll (almost) without issue (see below). >> >> The second issue was this certmonger related bug where >> certmonger fails >> to start on new install >> >> (https://bugzilla.redhat.com/_**_show_bug.cgi?id=636894<https://bugzilla.redhat.com/__show_bug.cgi?id=636894> >> >> <https://bugzilla.redhat.com/**show_bug.cgi?id=636894<https://bugzilla.redhat.com/show_bug.cgi?id=636894>>) >> was it >> resolved in >> Red Hat 5 as I think i'm expering the issue with my RH5u6 clients? >> >> >> Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to >> restart messagebus after installing certmonger. Should be easy to do >> in a kickstart. >> >> >> yeah got the "killall -HUP dbus-daemon" in there now. >> >> Cheers >> Charlie >> >> >> rob >> >> >> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users