Armstrong, Kenneth Lawrence wrote:
I am still having issues trying to get a RHEL 5.9 client to join a RHEL
6.4 IdM domain.

All packages on both systems updated.

First problem is this:

ipa-client-install --server --domain --enable-dns-updates

Which fails with:

root        : ERROR    Cannot obtain CA certificate
'ldap://' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

All of the appropriate ports are open on the IdM server, and I verified
this by telnetting to all of them.

I worked around this by running this:

wget -O /etc/ipa/ca.crt

Then ran:

ipa-client-install --server
--domain --enable-dns-updates --no-ntp

And I was having better results, so apparently the RHEL 5.9
ipa-client-install does not want to download my cert.

On to the next problem:

User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for

Joining realm failed: SASL Bind failed Local error (-2) !
child exited with 9
Installation failed. Rolling back changes.

It is the same user that I use to log in to the web interface, and I am
100% positive that I am not entering the password incorrectly.  So why
else would the admin user not be able to bind to my IdM setup?

The client install log may have more details. And I'd check the KDC log (on the server, /var/log/krb5kdc.log) to see why the bind failed.


