On 02/02/2016 11:35 PM, Simpson Lachlan wrote:
> Presuming a regular machine, I've started the join as per instructions:
> yum install ipa-client
> [root@vmts-linux1 ~]# ipa-client-install
> Error checking LDAP: Operations error: 000004DC: LdapErr: DSID-0C0906E8,
> comment: In order to perform this operation a successful bind must be
> completed on the connection., data 0, v1db1
> Discovery was successful!
> Client hostname: vmts-linux1.unix.example.org
> Realm: UNIX.EXAMPLE.ORG
> DNS Domain: unix.example.org
> IPA Server: dc1.example.org
> BaseDN: dc=unix,dc=example,dc=org
> There are two things here that I'd like to understand.
> 1. There was an error, but the process seems to have been successful? Should
> I be investigating that error or is it to be expected?
I suspect that ipa-client-install had problems verifying a server during the
discovery, so it may have assumed some values itself, it probably did it wrong.
Details are in the ipaclient-install.log.
> 2. The IPA server is wrong - the machine it has found the PDC server (with a
> one way trust IPA->AD), but not the IPA server. I can only presume this is in
> error and that I should run the command again explicitly stating the IPA
So are you saying that FreeIPA actually discovered on an AD server? Do you DNS
domain with SRV records for FreeIPA set up? If yes, you can pass it via
"--domain" option of ipa-client-install, without using hard coded server list
via "--server" options.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project