Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

Hi Flo, First of all, thanks a lot for taking your time to reproduced the issue from your end, you have been very helpful and you are the best! Here're the what I observed after some more tests: 1. In this case I used Entrust(www.entrust.com) certificate service, and they provided root-G2-L1K ce

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 12/16/2016 03:54 PM, Florence Blanc-Renaud wrote: On 12/15/2016 08:01 PM, beeth beeth wrote: Hi Flo, That's a good point! I checked the dirsrv certificate and confirmed valid(good until later next year). Since I had no problem to enroll another new IPA client(RHEL7 box instead of RHEL6) to s

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 12/15/2016 08:01 PM, beeth beeth wrote: Hi Flo, That's a good point! I checked the dirsrv certificate and confirmed valid(good until later next year). Since I had no problem to enroll another new IPA client(RHEL7 box instead of RHEL6) to such replica server, I thought it might not be a server

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

Hi Flo, That's a good point! I checked the dirsrv certificate and confirmed valid(good until later next year). Since I had no problem to enroll another new IPA client(RHEL7 box instead of RHEL6) to such replica server, I thought it might not be a server end issue. However, when I tried to restart

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 12/14/2016 07:49 PM, beeth beeth wrote: Hi Flo, Thanks for the great hint! I reran the ipa-client-install on the rhel6 box(ipadev6), and monitored the access log file you mentioned on the replica: # ipa-client-install --domain=ipa.example.com --server=ipaprd2.example

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

Hi Flo, Thanks for the great hint! I reran the ipa-client-install on the rhel6 box(ipadev6), and monitored the access log file you mentioned on the replica: # ipa-client-install --domain=ipa.example.com --server=ipaprd2.example.com --hostname=ipadev6.example.com -d ( ipaprd2 = primary IPA serve

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 12/14/2016 01:08 PM, beeth beeth wrote: Thanks David. I installed both the master and replica IPA servers with third-party certificates(Verisign), but I doubt that could be the issue, because I had no problem to run the same ipa-client-install command on a RHEL7 machine(of course, the --hostna

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

Thanks David. I installed both the master and replica IPA servers with third-party certificates(Verisign), but I doubt that could be the issue, because I had no problem to run the same ipa-client-install command on a RHEL7 machine(of course, the --hostname used a different hostname of the server).

Re: [Freeipa-users] Failed ipa-client-install with IPA Replica

On 13/12/16 05:44, beeth beeth wrote: I have two IPA servers ipaprd1.example.com and ipaprd2.example.com, running ipa 4.4 on RHEL7. When I tried to install/configure the client on a RHEL6 system(called ipadev6), I had issue when I tried to enroll it with the replica(ipaprd2), while no issue with