Hello all, 

I am having an issue using IPA 2.2.0. I am trying to put together a
proof of concept set of systems. I've stood up 2 servers on AWS. One is the
server, one is the client. I am using CentOS 6 to do all this testing on, with
the default IPA packages provided from CentOS. I had a fully operational
proof of concept finished, fully scripted to be built without issues. I
shut down and started these as needed to show to people to get approval for the
project. The other day the client stopped enrolling to the IPA server. I have
no idea why; I assume a patch pushed out broke something since it is a fully
scripted install. It does get the most recent patches each time I stand it up,
so it definitely would pull any new patches that came out.

After investigating, I am getting this error when I try to manually
enroll the client. I haven't been able to find any reference to this error
anywhere on the net. Any help would be greatly appreciated! Let me know if
any additional details are needed.

PLEASE NOTE:  Everything below has been sanitized 

[root@client ~]# ipa-client-install --domain=example.com --server=ipa1.example.com --realm=EXAMPLE.COM --configure-ssh --configure-sshd -p ipa-bind -w "blah" -U
DNS domain 'example.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: client.ec2.internal
DNS Domain: digitalreasoning.com
IPA Server: ipa1.example.com
BaseDN: dc=example,dc=com

Synchronizing time with KDC...

ipa         : ERROR    Cannot obtain CA certificate
'ldap://ipa1.example.com' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

John Moyer

Freeipa-users mailing list
