Armstrong, Kenneth Lawrence wrote:
Hi all,

I have a RHEL 6 IdM test domain set up.  In production, we have RHEL 5
and RHEL 4 clients as well, so I was going to test that out.

However, I can not get a RHEL 5.9 client to join the domain.

[root@r5-idmclient <mailto:root@r5-idmclient> ~]# ipa-client-install
--server lnxrealmtest01.liberty.edu --domain lnxrealmtest.liberty.edu
root        : ERROR    LDAP Error: Connect error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to verify that lnxrealmtest01.liberty.edu is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
Installation failed. Rolling back changes.
IPA client is not configured on this system.


Digging a little bit and I see that the ipa-client is an older version:

ipa-client-2.1.3-5.el5_9.2

Doing a yum update/upgrade doesn't show a newer version.

I was considering a manual installation, but the ipa-admintools don't
appear to be available for RHEL 5.9?

Is there a way to make this work?

I'd first try removing /etc/ipa/ca.crt and try the enrollment again. It should be possible to use the 2.1.3 client in EL 5 to enroll against a 3.x server.

Otherwise we probably need more context from /var/log/ipaclient-install.log to see how the CA was retrieved.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to