On 07/25/2013 03:51 PM, Armstrong, Kenneth Lawrence wrote:
> I am still having issues trying to get a RHEL 5.9 client to join a
> RHEL 6.4 IdM domain.
>
> All packages on both systems updated.
>
> First problem is this:
>
> ipa-client-install --server lnxrealmtest01.liberty.edu --domain
> lnxrealmtest.liberty.edu --enable-dns-updates
>
> Which fails with:
>
> root        : ERROR    Cannot obtain CA certificate
> 'ldap://lnxrealmtest01.liberty.edu' doesn't have a certificate.
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
> All of the appropriate ports are open on the IdM server, and I
> verified this by telnetting to all of them.
>
> I worked around this by running this:
>
> wget -O /etc/ipa/ca.crt
> http://lnxrealmtest01.liberty.edu/ipa/config/ca.crt
>
> Then ran:
>
> ipa-client-install --server lnxrealmtest01.lnxrealmtest.liberty.edu
> --domain lnxrealmtest.liberty.edu --enable-dns-updates --no-ntp
> --ca-cert-file=/etc/ipa/ca.crt
>
> And I was having better results, so apparently the RHEL 5.9
> ipa-client-install does not want to download my cert.

This rings the bell. It sounds like a known issue for 5.9 openssl libraries.
Rob can you add details please?

>
>
> On to the next problem:
>
>
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Password for ad...@lnxrealmtest.liberty.edu
> <mailto:ad...@lnxrealmtest.liberty.edu>:
>
> Joining realm failed: SASL Bind failed Local error (-2) !
> child exited with 9
> Installation failed. Rolling back changes.
>
>
> It is the same user that I use to login to the web interface, and I am
> 100% positive that I am not entering the password incorrectly.  So why
> else would the admin user not be able to bind to my IdM setup?
>
> -Kenny
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to