IPA replica installation fails on an IPv4 Linux box. The exception/messages on 
screen are:

...
 error: [Errno 97] Address family not supported by protocol 

...

After looking into the Python code, it was found that the IPA program tried 
to test both IPv4 and IPv6 address families, and it failed there when IPv6 is 
turned off.

So I turned on IPv6 again, tried ipa-conncheck again, and it worked this time.

--David
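
The failure described in the reply above, as an added example (not FreeIPA's own code and not part of the original message): a pre-check that probes both address families and records errno 97 on one of them as "family unavailable" instead of aborting. The function names and the `socket_factory` parameter are hypothetical.

```python
import errno
import socket

# Errors that mean "this address family is not usable on this host":
# 97 EAFNOSUPPORT (no IPv6 in the kernel), 99 EADDRNOTAVAIL (IPv6 disabled).
FAMILY_DISABLED = {errno.EAFNOSUPPORT, errno.EADDRNOTAVAIL}
LOOPBACK = {socket.AF_INET: ("IPv4", "127.0.0.1"),
            socket.AF_INET6: ("IPv6", "::1")}


def probe_families(port=0, socket_factory=socket.socket):
    """Bind a TCP socket on loopback for each address family.

    Returns {"IPv4": "ok" | "unsupported", "IPv6": ...}. Any other
    OSError (EADDRINUSE, EACCES, ...) is a real problem and propagates.
    socket_factory is a hypothetical hook so the probe can be tested.
    """
    results = {}
    for family, (name, host) in LOOPBACK.items():
        sock = None
        try:
            sock = socket_factory(family, socket.SOCK_STREAM)
            sock.bind((host, port))
            results[name] = "ok"
        except OSError as exc:
            if exc.errno not in FAMILY_DISABLED:
                raise
            results[name] = "unsupported"
        finally:
            if sock is not None:
                sock.close()
    return results


def usable_families(results):
    """Names of the families that passed; fail only if none did."""
    usable = [name for name, status in results.items() if status == "ok"]
    if not usable:
        raise RuntimeError("no usable address family on this host")
    return usable


if __name__ == "__main__":
    print(probe_families())
```
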

________________________________
From: hshhs caca <cao2...@yahoo.com>
To: "freeipa-users@redhat.com" <freeipa-users@redhat.com>
Sent: Thursday, April 26, 2012 1:51 PM
Subject: [Freeipa-users] What are the main purposes of Dogtag certificate system inside IPA

Hi folks,

When evaluating migration from an existing separate LDAP/Kerberos solution to 
integrated IPA, I got confused about the purposes of the Dogtag Certificate 
System inside IPA. What are the main purposes of it? Or what value does it 
bring to IPA?

I can see the points of the KDC and 389 Directory Server parts, even NTP and 
DNS, but not of Dogtag. Frankly, I am not sure where I should put it. Say, for 
Kerberos authentication, I need only /etc/krb5.conf and /etc/krb5.keytab 
locally on the client, and then the krb5 tools/libs will do their work happily. 
Then why should I authenticate a machine with a certificate, or 
certificate+keytab -- either way the certificate part is a MUST -- see the 
document 
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/hosts.html 
(at the very bottom).

A closely related question is: what are the main points/benefits of machine 
authentication? Because with a traditional keytab-based Kerberos setup, the 
users, machines and services can authenticate with no problem, so why do we 
need an extra authentication with a machine certificate as a must?

Please help me clarify why the statement 'pkinit_anchors = 
FILE:/etc/ipa/ca.crt' is put inside krb5.conf after running the 
ipa-client-install script. What is its purpose?

The last problem is: after following the steps at 
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/linux-manual.html 
to set up my Linux client manually, I still cannot run the 'ipa user-find' 
command on the client, while another Linux client of the same type installed 
with 'ipa-client-install' has no problem running it.
Are there any differences between manual and automatic installations?

Sorry, I have too many questions and probably more, as I have read through the 
Red Hat IPA document several times, and every time more questions pop up. :)

Thanks a lot.

--Robinson

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users