Hello everyone,

We've run into an issue with our instance of IPA. Our LDAP certificate was deleted with the command "ldapdelete -Y GSSAPI "cn=CAcert,cn=ipa,cn=etc,dc=example,dc=test"". When we now attempt to enroll servers as IPA clients, we get the following (sanitized for this email) output:

[root@server1 ~]# ipa-client-install --enable-dns-updates
Discovery was successful!
Hostname: server1.SERVER.local
Realm: SERVER.LOCAL
DNS Domain: SERVER.local
IPA Server: ipaserver1.SERVER.local
BaseDN: dc=server dc=local

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: bob
Synchronizing time with KDC...
Password for bob@SERVER.LOCAL:
Cannot obtain CA certificate
'ldap://ipaserver1.SERVER.local' doesn't have a certificate.
Installation failed. Rolling back changes.
IPA client is not configured on this system.

Advice on how to remediate this issue would be welcomed with open arms.

Thank you for your time,
Danielle Witherspoon