I am still having issues trying to get a RHEL 5.9 client to join a RHEL 6.4 IdM 

All packages on both systems updated.

First problem is this:

ipa-client-install --server lnxrealmtest01.liberty.edu --domain 
lnxrealmtest.liberty.edu --enable-dns-updates

Which fails with:

root        : ERROR    Cannot obtain CA certificate
'ldap://lnxrealmtest01.liberty.edu' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

All of the appropriate ports are open on the IdM server, and I verified this by 
telnetting to all of them.

I worked around this by running this:

wget -O /etc/ipa/ca.crt http://lnxrealmtest01.liberty.edu/ipa/config/ca.crt

Then ran:

ipa-client-install --server lnxrealmtest01.lnxrealmtest.liberty.edu --domain 
lnxrealmtest.liberty.edu --enable-dns-updates --no-ntp 

And I was having better results, so apparently the RHEL 5.9 ipa-client-install 
does not want to download my cert.

On to the next problem:

User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for 

Joining realm failed: SASL Bind failed Local error (-2) !
child exited with 9
Installation failed. Rolling back changes.

It is the same user that I use to login to the web interface, and I am 100% 
positive that I am not entering the password incorrectly.  So why else would 
the admin user not be able to bind to my IdM setup?

Freeipa-users mailing list

Reply via email to