Hi John, I ran into a similar issue with setting up a 2.2 client with a 3.1 server. It turned out to be that port 80 wasn't open on the FreeIPA server. I would check your ports and see if the right ones are open. I also find that setting up the SRV and TXT records in your DNS zone makes setting up clients a lot simpler.
On 19 February 2013 00:58, John Moyer <[email protected]> wrote:

> Hello all,
>
> I am having an issue using IPA 2.2.0. I am trying to put together a proof of concept set of systems. I've stood up 2 servers on AWS. One is the server one is the client. I am using CentOS 6 to do all this testing on, with the default IPA packages provided from CentOS. I had a fully operational proof of concept finished fully scripted to be built without issues. I shutdown and started these as needed to show to people to get approval for the project. The other day the client stopped enrolling to the IPA server, I have no idea why I assume a patch pushed out broke something since it is a fully scripted install. It does get the most recent patches each time I stand it up so it definitely would pull any new patches that came out.
>
> After investigating I am getting this error when I try to manually enroll the client. I haven't been able to find any reference to this error anywhere on the net. Any help would be greatly appreciated! Let me know if any additional details are needed.
>
>
> PLEASE NOTE: Everything below has been sanitized
>
>
> [root@client ~]# ipa-client-install --domain=example.com --server=ipa1.example.com --realm=EXAMPLE.COM --configure-ssh --configure-sshd -p ipa-bind -w "blah" -U
> DNS domain 'example.com' is not configured for automatic KDC address lookup.
> KDC address will be set to fixed value.
>
> Discovery was successful!
> Hostname: client.ec2.internal
> Realm: EXAMPLE.COM
> DNS Domain: digitalreasoning.com
> IPA Server: ipa1.example.com
> BaseDN: dc=example,dc=com
>
>
> Synchronizing time with KDC...
>
> ipa : ERROR Cannot obtain CA certificate
> 'ldap://ipa1.example.com' doesn't have a certificate.
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
>
> Thanks,
> _____________________________________________________
> John Moyer
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
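A pre-enrollment check for the two things the reply suggests, server ports and the SRV/TXT discovery records, added here as an example and not part of the original thread. The host, domain and realm are the sanitized placeholders from the quoted output; the port and record lists are the usual FreeIPA set, the TTL and SRV priority/weight are constructed sample values, and dig, timeout and bash are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Names below are the thread's
# sanitized placeholders; TTL and SRV priority/weight are sample values.

# TCP ports an enrolling client needs on the IPA server
# (port 80 is the one the reply found closed).
IPA_TCP_PORTS="80 443 389 636 88 464"
# SRV records used for server discovery, as "name:port".
IPA_SRV="_ldap._tcp:389 _kerberos._tcp:88 _kerberos._udp:88 \
_kerberos-master._tcp:88 _kerberos-master._udp:88 \
_kpasswd._tcp:464 _kpasswd._udp:464"

# Thin wrappers so the checks can be stubbed when testing offline.
lookup()    { dig +short "$1" "$2"; }
port_open() { timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null; }

# Print zone-file lines for domain $1, realm $2, server $3.
ipa_zone_records() {
    for e in $IPA_SRV; do
        printf '%s.%s. 86400 IN SRV 0 100 %s %s.\n' "${e%%:*}" "$1" "${e##*:}" "$3"
    done
    printf '_kerberos.%s. 86400 IN TXT "%s"\n' "$1" "$2"
}

# Report closed ports on server $1; non-zero status if any is closed.
check_ports() {
    rc=0
    for p in $IPA_TCP_PORTS; do
        port_open "$1" "$p" || { echo "CLOSED tcp/$p on $1"; rc=1; }
    done
    return $rc
}

# Report discovery records missing from domain $1; non-zero if any is missing.
check_records() {
    rc=0
    for e in $IPA_SRV; do
        [ -n "$(lookup "${e%%:*}.$1" SRV)" ] || { echo "MISSING SRV ${e%%:*}.$1"; rc=1; }
    done
    [ -n "$(lookup "_kerberos.$1" TXT)" ] || { echo "MISSING TXT _kerberos.$1"; rc=1; }
    return $rc
}

# Usage: sh ipa-precheck.sh ipa1.example.com example.com EXAMPLE.COM
if [ $# -eq 3 ]; then
    check_ports "$1"
    check_records "$2" || ipa_zone_records "$2" "$3" "$1"
fi
```

Run it from the client before ipa-client-install; when records are missing it prints the lines to add to the zone.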
