Dmitri,

Here are the corresponding answers, thanks for the quick response.

1. ipa-client-3.0.0-26.el6_4.2.x86_64

2.
[root@ ~]# ipa-client-install --domain=digitalreasoning.com --server=ipa1.corp.digitalreasoning.com --realm=EXAMPLE.COM -p builduser -w "BLAH" -U
Hostname: client.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: server.example.com
BaseDN: dc=example,dc=com
Synchronizing time with KDC...
Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
Installation failed. Rolling back changes.
IPA client is not configured on this system.

3.
2013-05-23T17:45:16Z DEBUG args=kinit buildu...@example.com
2013-05-23T17:45:16Z DEBUG stdout=Password for buildu...@example.com:
2013-05-23T17:45:16Z DEBUG stderr=
2013-05-23T17:45:16Z DEBUG trying to retrieve CA cert via LDAP from ldap://server.example.com
2013-05-23T17:45:16Z DEBUG Existing CA cert and Retrieved CA cert are identical
2013-05-23T17:45:16Z DEBUG args=/usr/sbin/ipa-join -s server.example.com -b dc=example,dc=com
2013-05-23T17:45:16Z DEBUG stdout=
2013-05-23T17:45:16Z DEBUG stderr=libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
2013-05-23T17:45:16Z ERROR Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates
2013-05-23T17:45:16Z ERROR Installation failed. Rolling back changes.
2013-05-23T17:45:16Z ERROR IPA client is not configured on this system.

Thanks,
_____________________________________________________
John Moyer
Director, IT Operations
Digital Reasoning Systems, Inc.
john.mo...@digitalreasoning.com
Office: 703.678.2311
Mobile: 240.460.0023
Fax: 703.678.2312
www.digitalreasoning.com

On May 23, 2013, at 2:50 PM, Dmitri Pal <d...@redhat.com> wrote:

> On 05/23/2013 01:37 PM, John Moyer wrote:
>>
>> So I found this page and followed it. The http daemon works great (no
>> longer complains about not being the cert for my URL). However, now I can't
>> bind any more servers to my IPA server. The current servers enrolled before
>> I did this work great (and I can log in using my IPA credentials). However,
>> I just can't add any more. Does anyone have any ideas? I tried removing
>> the certs and that made it so I can't start httpd (so I put the cert back).
>>
>>
>> http://freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>>
>> Thanks,
>> _____________________________________________________
>> John Moyer
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipaemail@example.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> We need more info:
>
> 1) What version of the client?
> 2) What is the output of the ipa-client-install?
> 3) What does the client install log contain?
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipafirstname.lastname@example.org
> https://www.redhat.com/mailman/listinfo/freeipa-users