On 06/26/2011 08:35 AM, Charlie Derwent wrote:
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <[email protected]
<mailto:[email protected]>> wrote:
Charlie Derwent wrote:
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
Charlie Derwent wrote:
Hi
I'm running FreeIPA server on F14 and connecting to a F14
client. When I
run ipa-client-install (via kickstart or after the
client has
installed)
I'm getting the following error message.
root : DEBUG
root : ERROR LDAP Error: Connect error: Start
TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net
<http://ipa.test.net> <http://ipa.test.net>
<http://ipa.test.net> is an IPA server
This may mean that the remote server is not up or is not
reachable due
to network or firewall settings
What version of IPA are you running on the client and server?
Server is running 2.0.0.rc3-0
F14 Client is running 2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit
How are you invoking ipa-client-install? The error message looks a
bit odd and I'm not sure if it is a mail client mucking it up or
something else (the addition of http://ipa.test.net)
rob
Can you check the 389-ds access log to see if you can see the
connection and any errors reported with it?
Nothing in the access.log on the server.
The ipa server is definately up and running, it's still
authenticating
other servers in the network and when I rebuild the
client with
rhel or
centos it can enroll (almost) without issue (see below).
The second issue was this certmonger related bug where
certmonger fails
to start on new install
(https://bugzilla.redhat.com/__show_bug.cgi?id=636894
<https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
resolved in
Red Hat 5 as I think i'm expering the issue with my
RH5u6 clients?
Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix
is to
restart messagebus after installing certmonger. Should be
easy to do
in a kickstart.
yeah got the "killall -HUP dbus-daemon" in there now.
Cheers
Charlie
rob
Figured it out! Well partly... it's a dependency issue. I installed
pretty much everything onto the box and it started to work but on my
cut down server no joy. Finding the missing RPM might be a little bit
more trickier unless someone could deduce what RPM's absence could
cause that error?
It's hard cause it may be a dependency for the ipa-client or a
dependency of a dependency and so forth!
If you are doing a DNS install for the server, you need
bind-dyndb-ldap, which is the LDAP backend for the DNS server.
Cheers
Charlie
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
