I am still having issues trying to get a RHEL 5.9 client to join a RHEL 6.4 IdM domain.
All packages on both systems updated. First problem is this: ipa-client-install --server lnxrealmtest01.liberty.edu --domain lnxrealmtest.liberty.edu --enable-dns-updates Which fails with: root : ERROR Cannot obtain CA certificate 'ldap://lnxrealmtest01.liberty.edu' doesn't have a certificate. Installation failed. Rolling back changes. IPA client is not configured on this system. All of the appropriate ports are open on the IdM server, and I verified this by telnetting to all of them. I worked around this by running this: wget -O /etc/ipa/ca.crt http://lnxrealmtest01.liberty.edu/ipa/config/ca.crt Then ran: ipa-client-install --server lnxrealmtest01.lnxrealmtest.liberty.edu --domain lnxrealmtest.liberty.edu --enable-dns-updates --no-ntp --ca-cert-file=/etc/ipa/ca.crt And I was having better results, so apparently the RHEL 5.9 ipa-client-install does not want to download my cert. On to the next problem: User authorized to enroll computers: admin Synchronizing time with KDC... Password for ad...@lnxrealmtest.liberty.edu<mailto:ad...@lnxrealmtest.liberty.edu>: Joining realm failed: SASL Bind failed Local error (-2) ! child exited with 9 Installation failed. Rolling back changes. It is the same user that I use to login to the web interface, and I am 100% positive that I am not entering the password incorrectly. So why else would the admin user not be able to bind to my IdM setup? -Kenny
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users