Armstrong, Kenneth Lawrence wrote:
Hi all,

I have a RHEL 6 IdM test domain set up.  In production, we have RHEL 5
and RHEL 4 clients as well, so I was going to test that out.

However, I cannot get a RHEL 5.9 client to join the domain.

[root@r5-idmclient ~]# ipa-client-install
--server --domain
root        : ERROR    LDAP Error: Connect error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Failed to verify that is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

Digging a little bit and I see that the ipa-client is an older version:


Doing a yum update/upgrade doesn't show a newer version.

I was considering a manual installation, but the ipa-admintools don't
appear to be available for RHEL 5.9?

Is there a way to make this work?

I'd first try removing /etc/ipa/ca.crt and try the enrollment again. It should be possible to use the 2.1.3 client in EL 5 to enroll against a 3.x server.

Otherwise we probably need more context from /var/log/ipaclient-install.log to see how the CA was retrieved.
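
Added example, not part of the original thread or of the IPA tooling: a shell check for the condition the reply is probing for, namely a cached CA file that no longer validates the server's certificate, which is what produces "certificate verify failed". It assumes the failure comes from a leftover /etc/ipa/ca.crt; the two CAs, the server certificate and the name ipa.example.test are constructed in a temporary directory, and nothing under /etc/ipa is touched.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is generated locally
# in a temp directory and deleted at the end.

# Return 0 if the certificate in $2 chains to the CA in $1.
# Parses the output because old OpenSSL builds exit 0 even on failure.
ca_trusts_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print "match" if the cached CA validates the cert, "stale" otherwise.
check_cached_ca() {
    if ca_trusts_cert "$1" "$2"; then echo "match"; else echo "stale"; fi
}

# Create a self-signed test CA: $1 = directory, $2 = file stem, $3 = CN.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Issue a server certificate signed by the CA with file stem $2.
make_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ipa.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -days 1 \
        -out "$1/server.crt" 2>/dev/null
}

# "old" plays the leftover ca.crt; "new" is the CA the server uses now.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" old "Old Test CA"
    make_ca "$d" new "New Test CA"
    make_server_cert "$d" new
    stale=$(check_cached_ca "$d/old.crt" "$d/server.crt")
    fresh=$(check_cached_ca "$d/new.crt" "$d/server.crt")
    rm -rf "$d"
    echo "$stale $fresh"
}

demo
```

On a real client the first argument to check_cached_ca would be /etc/ipa/ca.crt and the second the server's certificate saved as PEM; a "stale" result supports removing the cached file before enrolling again.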


