McDougall, Ryan P. [mcry0...@stcloudstate.edu] wrote:
When joining a client to a FreeIPA server installed on F15, I get the
error quoted in the subject. The install of the server went well with no
errors during the process. I’ve been looking all over and I can’t seem
to find anything related to this on the forums and I haven’t heard back
from anyone yet in IRC. Is this a known issue?
This is caused by a recent update to libcurl that removed its ability to
delegate tickets. Bugs have been opened against curl to add support for
delegation and a bug against xmlrpc-c to take advantage of this new API.
There is currently on ETA on a fix.
The only workaround I've come up with so far is:
- On the server: manually add a host entry for your client: ipa host-add
- Add the --force flag to ipa-client-install. This will allow it to
continue past the enrolment failure
- On the client: kinit admin
- On the client: ipa-getkeytab -s ipa.example.com -p
client.example....@example.com -k /etc/krb5.keytab
- On the client: service sssd restart
There will be no SSL server cert in /etc/pki/nssdb because certmonger
can't communicate with the IPA backend.
Freeipa-users mailing list