On Mon, Jun 27, 2011 at 2:07 PM, Adam Young <[email protected]> wrote:
> ** > On 06/26/2011 08:35 AM, Charlie Derwent wrote: > > > > On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <[email protected]>wrote: > >> Charlie Derwent wrote: >> >>> >>> >>> On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Charlie Derwent wrote: >>> >>> Hi >>> >>> I'm running FreeIPA server on F14 and connecting to a F14 >>> client. When I >>> run ipa-client-install (via kickstart or after the client has >>> installed) >>> I'm getting the following error message. >>> >>> root : DEBUG >>> root : ERROR LDAP Error: Connect error: Start TLS >>> request >>> accepted. Server willing to negotiate SSL >>> Failed to verify that ipa.test.net <http://ipa.test.net> >>> <http://ipa.test.net> is an IPA server >>> >>> This may mean that the remote server is not up or is not >>> reachable due >>> to network or firewall settings >>> >>> >>> What version of IPA are you running on the client and server? >>> >>> Server is running 2.0.0.rc3-0 >>> F14 Client is running 2.0.0.rc3-0 >>> RHEL 5.6 Clients are running 2.0-10.el5_6.1 >>> All the boxes are 64-bit >>> >> >> How are you invoking ipa-client-install? The error message looks a bit odd >> and I'm not sure if it is a mail client mucking it up or something else (the >> addition of http://ipa.test.net) >> >> rob >> >> >> >>> Can you check the 389-ds access log to see if you can see the >>> connection and any errors reported with it? >>> >>> Nothing in the access.log on the server. >>> >>> >>> >>> >>> The ipa server is definately up and running, it's still >>> authenticating >>> other servers in the network and when I rebuild the client with >>> rhel or >>> centos it can enroll (almost) without issue (see below). >>> >>> The second issue was this certmonger related bug where >>> certmonger fails >>> to start on new install >>> (https://bugzilla.redhat.com/__show_bug.cgi?id=636894 >>> <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it >>> resolved in >>> Red Hat 5 as I think i'm expering the issue with my RH5u6 clients? >>> >>> >>> Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to >>> restart messagebus after installing certmonger. Should be easy to do >>> in a kickstart. >>> >>> >>> yeah got the "killall -HUP dbus-daemon" in there now. >>> >>> Cheers >>> Charlie >>> >>> >>> rob >>> >>> >>> >> > Figured it out! Well partly... it's a dependency issue. I installed pretty > much everything onto the box and it started to work but on my cut down > server no joy. Finding the missing RPM might be a little bit more trickier > unless someone could deduce what RPM's absence could cause that error? > > It's hard cause it may be a dependency for the ipa-client or a dependency > of a dependency and so forth! > > > If you are doing a DNS install for the server, you need bind-dyndb-ldap, > which is the LDAP backend for the DNS server. > > This was a client side issue (apologies for saying "cut down server" I meant server in a hardware sense rather that server/client model). But yeah bind-dyndb-ldap is installed on my server. Charlie > > Cheers > Charlie > > > _______________________________________________ > Freeipa-users mailing > [email protected]https://www.redhat.com/mailman/listinfo/freeipa-users > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
