IPA replica installation fails on an IPv4 Linux box. The exception/messages on 
screen are:

 error: [Errno 97] Address family not supported by protocol 


After looking into the Python code, it was found that the IPA program tried 
to test both IPv4 and IPv6 address families, and it failed there when IPv6 is 
turned off.

So I turned IPv6 on again, tried ipa-conncheck again, and it works this time.


 From: hshhs caca <cao2...@yahoo.com>
To: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
Sent: Thursday, April 26, 2012 1:51 PM
Subject: [Freeipa-users] What are the main purposes of Dogtag certificate 
system inside IPA

Hi folks,

When evaluating migration from existing separate LDAP/Kerberos solution to 
integrated IPA, I got confused on the purposes of Dogtag Certificate system 
inside IPA. What are the main purposes of it? or what value it brings in to 

 I can see the points of KDC and 389 Directory server parts, even NTP and DNS, 
but not for Dogtag. Frankly, I am not sure where I should put it. Say, for 
Kerberos authentication, I need only /etc/krb5.conf and /etc/krb5.keytab 
locally on client and then krb5 tools/libs will do their work happily.  Then 
why should I authenticate a machine with certificate, or certificate+keytab -- 
either way the certificate part is a MUST -- see document
 ( at the very bottom).

A close question is: what are the main points/benefits of machine 
authentication? Because with a traditional keytab-based Kerberos setup, the 
users, machines and services can authenticate with no problem, then why do we 
need an extra authentication with a machine certificate as a must?

Please help me clarify the question of why the statement 'pkinit_anchors = 
FILE:/etc/ipa/ca.crt' is put inside krb5.conf after running the 
ipa-client-install script. What is its purpose?

Last problem is: after following the steps at 
 to set up my Linux client manually, I still cannot run the 'ipa user-find' 
command on the client, while another Linux client of the same type installed 
with 'ipa-client-install' has no problem running it.
Is there any difference between manual and automatic installations?

Sorry, I have too many questions and probably more, as I read through the Red Hat 
IPA document several times, and every time more questions pop up. :)

Thanks a lot.


Freeipa-users mailing list
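
The Errno 97 failure reported at the top of this message comes from creating a socket for an address family the kernel has disabled. As an added example (not FreeIPA's own code), this sketch opens a TCP listener on every family that is available and skips the rest; the function name `open_listeners`, the `socket_factory` parameter and the port in the usage comment are assumptions made for illustration.

```python
import errno
import socket

# Families to try, in order. Names are used for reporting only.
FAMILIES = (("IPv6", socket.AF_INET6, "::"), ("IPv4", socket.AF_INET, "0.0.0.0"))


def open_listeners(port, socket_factory=socket.socket):
    """Bind a TCP listener on every address family the kernel supports.

    Returns (listeners, skipped): listeners maps family name -> socket,
    skipped maps family name -> reason. Raises OSError only when no
    family at all could be used. socket_factory is a hypothetical hook
    so the logic can be exercised without touching the network.
    """
    listeners, skipped = {}, {}
    for name, family, addr in FAMILIES:
        try:
            sock = socket_factory(family, socket.SOCK_STREAM)
        except OSError as exc:
            # EAFNOSUPPORT is errno 97 on Linux: family disabled (IPv6 off).
            if exc.errno != errno.EAFNOSUPPORT:
                raise
            skipped[name] = "address family not supported"
            continue
        try:
            if family == socket.AF_INET6:
                # Keep the IPv6 socket from also claiming the IPv4 port.
                sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            sock.bind((addr, port))
            sock.listen(1)
        except OSError as exc:
            sock.close()
            # EADDRNOTAVAIL: family present but no usable address configured.
            if exc.errno not in (errno.EAFNOSUPPORT, errno.EADDRNOTAVAIL):
                raise
            skipped[name] = exc.strerror or "unavailable"
            continue
        listeners[name] = sock
    if not listeners:
        raise OSError(errno.EAFNOSUPPORT, "no usable address family")
    return listeners, skipped

# Usage (constructed port): listeners, skipped = open_listeners(9443)
```

Any other socket error, such as a permission failure, is re-raised so that a real misconfiguration is not hidden behind the skip logic.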