On 06/27/2011 11:01 AM, Rob Crittenden wrote:
Charlie Derwent wrote:

On Mon, Jun 27, 2011 at 2:07 PM, Adam Young <ayo...@redhat.com
<mailto:ayo...@redhat.com>> wrote:

    On 06/26/2011 08:35 AM, Charlie Derwent wrote:

    On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden
<rcrit...@redhat.com <mailto:rcrit...@redhat.com>> wrote:

        Charlie Derwent wrote:

            On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
<rcrit...@redhat.com <mailto:rcrit...@redhat.com>
<mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>>

               Charlie Derwent wrote:


                   I'm running FreeIPA server on F14 and connecting to
            a F14
                   client. When I
                   run ipa-client-install (via kickstart or after the
            client has
                   I'm getting the following error message.

                   root        : DEBUG
                   root        : ERROR    LDAP Error: Connect error:
            Start TLS request
                   accepted. Server willing to negotiate SSL
                   Failed to verify that ipa.test.net
<http://ipa.test.net> <http://ipa.test.net>
<http://ipa.test.net> is an IPA server

                   This may mean that the remote server is not up or
            is not
                   reachable due
                   to network or firewall settings

               What version of IPA are you running on the client and

            Server is running 2.0.0.rc3-0
            F14 Client is running  2.0.0.rc3-0
            RHEL 5.6 Clients are running 2.0-10.el5_6.1
            All the boxes are 64-bit

        How are you invoking ipa-client-install? The error message
        looks a bit odd and I'm not sure if it is a mail client
        mucking it up or something else (the addition of


               Can you check the 389-ds access log to see if you can
            see the
               connection and any errors reported with it?

             Nothing in the access.log on the server.

The ipa server is definately up and running, it's still
                   other servers in the network and when I rebuild the
            client with
                   rhel or
                   centos it can enroll (almost) without issue (see

The second issue was this certmonger related bug where
                   certmonger fails
                   to start on new install
<https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
                   resolved in
                   Red Hat 5 as I think i'm expering the issue with my
            RH5u6 clients?

               Looks like it wasn't fixed in RHEL 5.x. IIRC the simple
            fix is to
               restart messagebus after installing certmonger. Should
            be easy to do
               in a kickstart.

            yeah got the "killall -HUP dbus-daemon" in there now.



    Figured it out! Well partly... it's a dependency issue. I
    installed pretty much everything onto the box and it started to
    work but on my cut down server no joy. Finding the missing RPM
    might be a little bit more trickier unless someone could deduce
    what RPM's absence could cause that error?

    It's hard cause it may be a dependency for the ipa-client or a
    dependency of a dependency and so forth!

    If you are doing a DNS install for the server, you need
    bind-dyndb-ldap, which is the LDAP backend for the DNS server.

This was a client side issue (apologies for saying "cut down server" I
meant server in a hardware sense rather that server/client model). But
yeah bind-dyndb-ldap is installed on my server.

A brute force way would be to do rpm -qa > list on both installs so we can compare the two and try to find some important difference.


Would the client install log report an error if something was missing?


Freeipa-users mailing list

Reply via email to