Could you please share with us the /var/log/ipaclient-install.log ?

Kind regards,

Justin Stephenson

On 07/20/2016 01:23 PM, Rubin Binder wrote:
Hello all,

I am testing Free IPA server for use under a test environment, so far smooth 
sailing and have it up and running, no problems.

The problem is occurring during client installation. I have installed the 
ipa-client package on a clean CentOS 7 OS. When I execute ipa-client-install... 
I get the following:

  Client hostname:
  DNS Domain:
  IPA Server:
  BaseDN: dc=mydomain,dc=com

  Continue to configure the system with these values? [no]: yes
  Skipping synchronizing time with NTP server.
  User authorized to enroll computers: admin
  Password for
  Successfully retrieved CA cert
  Subject: CN=Certificate Authority,O=MYDOMAIN.COM
  Issuer: CN=Certificate Authority,O=MYDOMAIN.COM
  Valid From: Wed Jul 13 13:12:08 2016 UTC
  Valid Until: Sun Jul 13 13:12:08 2036 UTC

  Joining realm failed: HTTP response code is 403, not 200

  Installation failed. Rolling back changes.
  IPA client is not configured on this system.

I can't make sense of why I'd be seeing a 403 error.  I've done my share of 
searching but have not found a similar issue.  Some have report 401 errors in 
some circumstances, but not 403.

Has anyone seen this before.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to