On 02/18/2013 09:06 PM, John Moyer wrote:

The client is pointing to DNS for the server.   Here is the log info
from the ipa-client-log (in /var/log/).  I haven't tried the other stuff
yet, I'll respond back when I get a chance to check out the CA cert things.

2013-02-19T02:01:37Z DEBUG args=kinit ipa-b...@example.com

When the client installer tries to retrieve the CA cert from LDAP it uses a GSSAPI bind and they error you're getting is that it cannot perform a bind with the credentials from above.

Did you provide the password for ipa-bind? Are you running the client install interactively?

Is the realm EXAMPLE.COM really correct?

Are you able to do a kinit for ipa-b...@example.com on the client successfully?

Are your kerberos ports open?

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to