On Wed, 14 Jan 2015, Orion Poplawski wrote:
After running ipa-server-install like this:ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12 --http_pin=XXX --idstart=8000 I'm not configuring bind. I ended up with a broken krb5.conf with entries like: [libdefaults] default_realm = # [realms] NWRA.COM = { kdc = server.nwra.com:88 master_kdc = server.nwra.com:88 admin_server = server.nwra.com:749 default_domain = nwra.com pkinit_anchors = FILE:/etc/ipa/ca.crt } # = { kdc = server.nwra.com:88 admin_server = server.nwra.com:749 } [domain_realm] .nwra.com = NWRA.COM nwra.com = NWRA.COM # = # .# = # Any idea where the #'s are coming from? ipa-server-3.3.3-28.el7_0.3.x86_64
/var/log/ipaserver-install.log and ipaclient-install.log have all the details. You may send them off-list. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
