McDougall, Ryan P. [] wrote:
When joining a client to a FreeIPA server installed on F15, I get the
error quoted in the subject. The install of the server went well with no
errors during the process. I’ve been looking all over and I can’t seem
to find anything related to this on the forums and I haven’t heard back
from anyone yet in IRC. Is this a known issue?

This is caused by a recent update to libcurl that removed its ability to delegate tickets. Bugs have been opened against curl to add support for delegation and a bug against xmlrpc-c to take advantage of this new API.

There is currently on ETA on a fix.

The only workaround I've come up with so far is:

- On the server: manually add a host entry for your client: ipa host-add - Add the --force flag to ipa-client-install. This will allow it to continue past the enrolment failure
- On the client: kinit admin
- On the client: ipa-getkeytab -s -p -k /etc/krb5.keytab
- On the client: service sssd restart

There will be no SSL server cert in /etc/pki/nssdb because certmonger can't communicate with the IPA backend.


Freeipa-users mailing list

Reply via email to