McDougall, Ryan P. [mcry0...@stcloudstate.edu] wrote:
When joining a client to a FreeIPA server installed on F15, I get the
error quoted in the subject. The install of the server went well with no
errors during the process. I’ve been looking all over and I can’t seem
to find anything related to this on the forums and I haven’t heard back
from anyone yet in IRC. Is this a known issue?


This is caused by a recent update to libcurl that removed its ability to delegate tickets. Bugs have been opened against curl to add support for delegation and a bug against xmlrpc-c to take advantage of this new API.

There is currently on ETA on a fix.

The only workaround I've come up with so far is:

- On the server: manually add a host entry for your client: ipa host-add client.example.com - Add the --force flag to ipa-client-install. This will allow it to continue past the enrolment failure
- On the client: kinit admin
- On the client: ipa-getkeytab -s ipa.example.com -p client.example....@example.com -k /etc/krb5.keytab
- On the client: service sssd restart

There will be no SSL server cert in /etc/pki/nssdb because certmonger can't communicate with the IPA backend.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to