On 06/26/2011 08:35 AM, Charlie Derwent wrote:

On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote:

    Charlie Derwent wrote:

        On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
        <rcrit...@redhat.com <mailto:rcrit...@redhat.com>
        <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>> wrote:

           Charlie Derwent wrote:


               I'm running FreeIPA server on F14 and connecting to a F14
               client. When I
               run ipa-client-install (via kickstart or after the
        client has
               I'm getting the following error message.

               root        : DEBUG
               root        : ERROR    LDAP Error: Connect error: Start
        TLS request
               accepted. Server willing to negotiate SSL
               Failed to verify that ipa.test.net
        <http://ipa.test.net> <http://ipa.test.net>
        <http://ipa.test.net> is an IPA server

               This may mean that the remote server is not up or is not
               reachable due
               to network or firewall settings

           What version of IPA are you running on the client and server?

        Server is running 2.0.0.rc3-0
        F14 Client is running  2.0.0.rc3-0
        RHEL 5.6 Clients are running 2.0-10.el5_6.1
        All the boxes are 64-bit

    How are you invoking ipa-client-install? The error message looks a
    bit odd and I'm not sure if it is a mail client mucking it up or
    something else (the addition of http://ipa.test.net)


           Can you check the 389-ds access log to see if you can see the
           connection and any errors reported with it?

         Nothing in the access.log on the server.

               The ipa server is definately up and running, it's still
               other servers in the network and when I rebuild the
        client with
               rhel or
               centos it can enroll (almost) without issue (see below).

               The second issue was this certmonger related bug where
               certmonger fails
               to start on new install
        <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
               resolved in
               Red Hat 5 as I think i'm expering the issue with my
        RH5u6 clients?

           Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix
        is to
           restart messagebus after installing certmonger. Should be
        easy to do
           in a kickstart.

        yeah got the "killall -HUP dbus-daemon" in there now.



Figured it out! Well partly... it's a dependency issue. I installed pretty much everything onto the box and it started to work but on my cut down server no joy. Finding the missing RPM might be a little bit more trickier unless someone could deduce what RPM's absence could cause that error?

It's hard cause it may be a dependency for the ipa-client or a dependency of a dependency and so forth!

If you are doing a DNS install for the server, you need bind-dyndb-ldap, which is the LDAP backend for the DNS server.


Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to