~Stack~ wrote:
On 10/27/2011 02:50 PM, Rob Crittenden wrote:
Building 2.1.3 from source is going to require the same set of
dependencies as building from the src.rpm. Note though that upstream
development of freeipa is done in Fedora, not RHEL.

I gave compiling it from the src.rpm a try. I was OK compiling all the
dependencies that were directly related (and there were a good lot of
them), however, by the time I got into compiling other random libraries
for gtk3 I gave up and just modified the spec file to allow me to use
the libraries I had just compiled. I didn't expect it to work, so I was
a bit surprised when it compiled just fine. I was soon let down when I
ran into the *exact* same problem. :-/

I can force the clients to join but I can't log into them as a user.

I have reasons for needing to stay with Scientific Linux. Since this was
just a because-I-am-interested project I may have to wait till someone
far more familiar with the project at Red Hat pushes out updated
binaries (which I fully understand may be a while). I am certain to keep
an eye on this project because it seems to be a _much_ easier and better
way to manage users then the LDAP solution I currently have setup.

Thanks for the help Rob!


Look in /var/log/ipaclient-install.log for more details. We do a lot more logging in 2.1.3.

The original problem was due to how we set up a temporary krb5.conf in order to enrollment. We discovered (automatically or via the user) the environment then wrote out a krb5.conf that did not include all this data so it was re-discovered, sometimes incorrectly.

The temporary krb5.conf should both be specific to the IPA server and also be included in the client install log.

It might be an interesting exercise to set a one-time password on a host and see if you can enroll successfully using that.


Freeipa-users mailing list

Reply via email to