Dmitri, 

Here are the corresponding answers, thanks for the quick response. 


1. ipa-client-3.0.0-26.el6_4.2.x86_64
2. 
[root@ ~]# ipa-client-install --domain=digitalreasoning.com --server=ipa1.corp.digitalreasoning.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
Hostname: client.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: server.example.com
BaseDN: dc=example,dc=com

Synchronizing time with KDC...
Joining realm failed: libcurl failed to execute the HTTP POST transaction.  Peer certificate cannot be authenticated with known CA certificates

Installation failed. Rolling back changes.
IPA client is not configured on this system.

3. 
2013-05-23T17:45:16Z DEBUG args=kinit buildu...@example.com
2013-05-23T17:45:16Z DEBUG stdout=Password for buildu...@example.com:

2013-05-23T17:45:16Z DEBUG stderr=
2013-05-23T17:45:16Z DEBUG trying to retrieve CA cert via LDAP from ldap://server.example.com
2013-05-23T17:45:16Z DEBUG Existing CA cert and Retrieved CA cert are identical
2013-05-23T17:45:16Z DEBUG args=/usr/sbin/ipa-join -s server.example.com -b dc=example,dc=com
2013-05-23T17:45:16Z DEBUG stdout=
2013-05-23T17:45:16Z DEBUG stderr=libcurl failed to execute the HTTP POST transaction.  Peer certificate cannot be authenticated with known CA certificates

2013-05-23T17:45:16Z ERROR Joining realm failed: libcurl failed to execute the HTTP POST transaction.  Peer certificate cannot be authenticated with known CA certificates

2013-05-23T17:45:16Z ERROR Installation failed. Rolling back changes.
2013-05-23T17:45:16Z ERROR IPA client is not configured on this system.

Thanks, 
_____________________________________________________
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax:            703.678.2312
www.digitalreasoning.com

On May 23, 2013, at 2:50 PM, Dmitri Pal <d...@redhat.com> wrote:

> On 05/23/2013 01:37 PM, John Moyer wrote:
>> 
>> So I found this page and followed it.  The http daemon works great (no 
>> longer complains about not being the cert for my URL).  However, now I can't 
>> bind any more servers to my IPA server.   The current servers enrolled before 
>> I did this work great (and I can log in using my IPA credentials).   However, 
>> I just can't add any more.   Does anyone have any ideas?  I tried removing 
>> the certs and that made it so I can't start httpd (so I put the cert back). 
>> 
>> 
>> http://freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>> 
>> Thanks, 
>> _____________________________________________________
>> John Moyer
>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> We need more info:
> 
> 1) What version of the client?
> 2) What is the output of the ipa-client-install?
> 3) What does the client install log contain?
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> 
> 
