Re: [Freeipa-users] Cannot obtain CA Certificate

2013-03-01 Thread Jan-Frode Myklebust
On Wed, Feb 27, 2013 at 11:52:42AM +0100, Petr Spacek wrote: > On 27.2.2013 11:34, Jan-Frode Myklebust wrote: > > > >I have a similar problem getting a couple of RHEL 6.4 clients working > >with a 6.3 server (ipa-server-2.2.0-17.el6_3.1.x86_64). When doing the > >ipa-client-install I get: > > > >

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-27 Thread Rob Crittenden
Petr Spacek wrote: On 27.2.2013 11:34, Jan-Frode Myklebust wrote: On Wed, Feb 27, 2013 at 10:42:49AM +0100, Petr Spacek wrote: < HTTP/1.1 401 Authorization Required < Date: Tue, 26 Feb 2013 16:54:21 GMT < Server: Apache/2.2.15 (CentOS) * gss_init_sec_context() failed: : Server krbtgt/c...@exa

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-27 Thread Petr Spacek
On 27.2.2013 11:34, Jan-Frode Myklebust wrote: On Wed, Feb 27, 2013 at 10:42:49AM +0100, Petr Spacek wrote: < HTTP/1.1 401 Authorization Required < Date: Tue, 26 Feb 2013 16:54:21 GMT < Server: Apache/2.2.15 (CentOS) * gss_init_sec_context() failed: : Server krbtgt/c...@example.com not found i

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-27 Thread Jan-Frode Myklebust
On Wed, Feb 27, 2013 at 10:42:49AM +0100, Petr Spacek wrote: > > > > > >< HTTP/1.1 401 Authorization Required > >< Date: Tue, 26 Feb 2013 16:54:21 GMT > >< Server: Apache/2.2.15 (CentOS) > >* gss_init_sec_context() failed: : Server krbtgt/c...@example.com not found > >in Kerberos database< WWW-Aut

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-27 Thread Petr Spacek
On 26.2.2013 17:55, John Moyer wrote: Sorry for the late response, so I tried this, and it changed the error to the following: Synchronizing time with KDC... Joining realm failed: HTTP response code is 401, not 200 Installation failed. Rolling back changes. Looking at debug this is what I s

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-26 Thread John Moyer
Sorry for the late response, so I tried this, and it changed the error to the following: Synchronizing time with KDC... Joining realm failed: HTTP response code is 401, not 200 Installation failed. Rolling back changes. Looking at debug this is what I see: < HTTP/1.1 401 Authorization Requ

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-19 Thread Jan-Frode Myklebust
> ipa : ERROR Cannot obtain CA certificate > 'ldap://ipa1.example.com' doesn't have a certificate. > Installation failed. Rolling back changes. > IPA client is not configured on this system. FYI, I have this same issue when enrolling RHEL5 clients. Have been doing this as a workaround:

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread John Dennis
On 02/18/2013 09:06 PM, John Moyer wrote: Peter, The client is pointing to DNS for the server. Here is the log info from the ipa-client-log (in /var/log/). I haven't tried the other stuff yet, I'll respond back when I get a chance to check out the CA cert things. 2013-02-19T02:01:37Z DEBUG

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Steven Jones
On 02/18/2013 09:06 PM, John Moyer wrote: Peter, The client is pointing to DNS for the server. Here is the log info from the ipa-client-log (in /var/log/). I haven't tried the other

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Peter Brown
On 19 February 2013 12:44, Peter Brown wrote: > > > > On 19 February 2013 12:06, John Moyer wrote: > >> Peter, >> >> The client is pointing to DNS for the server. Here is the log info >> from the ipa-client-log (in /var/log/). I haven't tried the other stuff >> yet, I'll respond back when I g

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Peter Brown
On 19 February 2013 12:06, John Moyer wrote: > Peter, > > The client is pointing to DNS for the server. Here is the log info from > the ipa-client-log (in /var/log/). I haven't tried the other stuff yet, > I'll respond back when I get a chance to check out the CA cert things. > > > 2013-02-19T0

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Dmitri Pal
On 02/18/2013 09:06 PM, John Moyer wrote: > Peter, > > The client is pointing to DNS for the server. Here is the log info > from the ipa-client-log (in /var/log/). I haven't tried the other > stuff yet, I'll respond back when I get a chance to check out the CA > cert things. > > > 2013-02-19T0

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread John Moyer
Peter, The client is pointing to DNS for the server. Here is the log info from the ipa-client-log (in /var/log/). I haven't tried the other stuff yet, I'll respond back when I get a chance to check out the CA cert things. 2013-02-19T02:01:37Z DEBUG args=kinit ipa-b...@example.com

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Peter Brown
On 19 February 2013 11:03, John Moyer wrote: > Peter, > > Thanks for the response, I just checked out my security group settings, I > did have some ports blocked, however, allowing them did not help. I > installed mmap on the client and did a port scan of the server and got the > following: > > POR

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Steven Jones
Peter, Thanks for the response, I just checked out my security group settings, I did have some ports blocked, however, allowing them did not help. I installed mmap on the client and did a port scan of the server and got the following: PORT STATE SERVICE 22

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread John Moyer
Peter, Thanks for the response, I just checked out my security group settings, I did have some ports blocked, however, allowing them did not help. I installed mmap on the client and did a port scan of the server and got the following: PORT STATE SERVICE 22/tcp open ssh 53/tcp op

Re: [Freeipa-users] Cannot obtain CA Certificate

2013-02-18 Thread Peter Brown
Hi John, I ran into a similar issue with setting up a 2.2 client with a 3.1 server. It turned out to be that port 80 wasn't open on the freeipa server. I would check your ports and see if the right ones are open. I also find that setting up the SRV and TXT records in your dns zone makes setting up