Had a server - named ipa001.example.com -- it was a replica. It died. It was re-installed. However, prior to the re-install it was saying the wonderful:

TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.

It was rebuilt - new OS and doing a brand new ipa-server-install (NOT a replica or trying to join it back in to the existing ring of servers) and at the end of the ipa-server-install - it gives:

Restarting the directory server
Restarting the KDC
Restarting the certificate server
Restarting the web server
Unable to set admin password Command ''/usr/bin/ldappasswd' '-h' 'ipa001.example.com' '-ZZ' '-x' '-D' 'cn=Directory Manager' '-y' '/var/lib/ipa/tmp5Fxy2Z' '-T' '/var/lib/ipa/tmpnz0jLs' 'uid=admin,cn=users,cn=accounts,dc=example,dc=com'' returned non-zero exit status 1
Configuration of client side components failed!
ipa-client-install returned: Command ''/usr/sbin/ipa-client-install' '--on-master' '--unattended' '--domain' 'example.com' '--server' 'ipa001.example.com' '--realm' 'example.com' '--hostname' 'ipa001.example.com'' returned non-zero exit status 1

and checking /var/log/ipaclient-install.log - the exact same TLS error????

But this is a brand new system, with brand new OS and the install was ipa-server-install to install a clean server.

I don't understand how this is happening. There is no "peer" to be not trusted?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to