> I'm attempting to configure a CentOS6 box to talk to a RHEL6.2 IPA
> server. The IPA server has anonymous bind disabled since it's on the
> public Internet. When I run ipa-client-install, I get the following error:

So the full log makes more sense with debug on:

[root@nen etc]# ipa-client-install --domain=OPENNMS.COM --debug
root        : DEBUG    /usr/sbin/ipa-client-install was invoked with
options: {'conf_ntp': True, 'domain': 'OPENNMS.COM', 'uninstall': False,
'force': False, 'sssd': True, 'krb5_offline_passwords': True,
'hostname': None, 'preserve_sssd': False, 'server': None,
'prompt_password': False, 'mkhomedir': False, 'dns_updates': False,
'permit': False, 'debug': True, 'on_master': False, 'ntp_server': None,
'realm_name': None, 'unattended': None, 'principal': None}
root        : DEBUG    missing options might be asked for interactively

root        : DEBUG    Loading Index file from
root        : DEBUG    Loading StateFile from
root        : DEBUG    [ipadnssearchldap]
root        : DEBUG    [ipadnssearchkrb]
root        : DEBUG    [ipacheckldap]
root        : DEBUG    args=/usr/bin/wget -O /tmp/tmpjxJzV_/ca.crt -T 15
-t 2 http://connect.opennms.com/ipa/config/ca.crt
root        : DEBUG    stdout=
root        : DEBUG    stderr=--2011-12-22 22:47:39-- 
Resolving connect.opennms.com...
Connecting to connect.opennms.com||:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://connect.opennms.com/ipa/config/ca.crt [following]
--2011-12-22 22:47:39--  https://connect.opennms.com/ipa/config/ca.crt
Connecting to connect.opennms.com||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1313 (1.3K) [application/x-x509-ca-cert]
Saving to: "/tmp/tmpjxJzV_/ca.crt"

     0K .                                                     100% 3.11M=0s

2011-12-22 22:47:40 (3.11 MB/s) - "/tmp/tmpjxJzV_/ca.crt" saved [1313/1313]

root        : DEBUG    Init ldap with: ldap://connect.opennms.com:389
root        : ERROR    LDAP Error: Connect error: TLS error
-8172:Unknown code ___f 20
root        : DEBUG    will use domain: OPENNMS.COM

root        : DEBUG    will use server: connect.opennms.com

Failed to verify that connect.opennms.com is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

This implies, I guess, that the LDAP server isn't accepting this cert?

Is there a log that might explain what's going on on the server side?
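The failing step in the log above is the client's own TLS trust check: ipa-client-install fetches /ipa/config/ca.crt and then opens ldap://connect.opennms.com:389 with TLS, and NSS code -8172 (SEC_ERROR_BASE -8192 + 20, SEC_ERROR_UNTRUSTED_ISSUER) means the certificate the directory server presented does not chain to a trusted issuer on the client. The script below is an added example, not part of this thread or of FreeIPA; it reproduces that check offline with constructed certificates (names such as connect.example.test and "Constructed IPA CA" are placeholders), so the same function can be pointed at the real ca.crt and a server certificate captured with openssl s_client.

```shell
#!/bin/sh
# Added example: check whether an LDAP server certificate chains to the
# ca.crt a client downloaded, the condition NSS reports as -8172 when it fails.
# All certificates here are constructed on the fly so the script runs offline.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed CA that really issued the LDAP server cert (stands in for the IPA CA).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed IPA CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
# Constructed unrelated CA (stands in for a stale or wrong ca.crt served over HTTP).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Other CA" \
  -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
# Constructed LDAP server certificate, signed by the first CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=connect.example.test" \
  -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
  -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/server.crt" 2>/dev/null

# verify_server_against_ca CA_FILE SERVER_CERT
# Returns 0 when the server certificate chains to CA_FILE (what the client's
# NSS database needs), 1 when it does not, printing both issuer and CA subject
# so a mismatch between the downloaded ca.crt and the real issuer is visible.
verify_server_against_ca() {
  ca_crt=$1; server_crt=$2
  if openssl verify -CAfile "$ca_crt" "$server_crt" >/dev/null 2>&1; then
    echo "OK: $server_crt chains to $ca_crt"
    return 0
  fi
  echo "UNTRUSTED ISSUER: $server_crt is not signed by $ca_crt" >&2
  echo "  server issuer : $(openssl x509 -noout -issuer  -in "$server_crt")" >&2
  echo "  ca subject    : $(openssl x509 -noout -subject -in "$ca_crt")" >&2
  return 1
}

# Matching CA: succeeds.  Wrong CA: fails the same way the client does.
verify_server_against_ca "$WORK/ca.crt" "$WORK/server.crt"
verify_server_against_ca "$WORK/other.crt" "$WORK/server.crt" || true
```

Against a live server, replace server.crt with the certificate from `openssl s_client -showcerts -connect HOST:636` (or the LDAP STARTTLS equivalent) and ca.crt with the file the client downloaded.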

