Re: [Freeipa-users] client setup failure

2011-03-29 Thread Martin Kosek
On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
 Trying to set up a fed14 cleint and since DNS is on the AD server (dc0002) 
 there is no dns_discoveryso as per doc I ran the install and it should 
 ask me for the infobut it fails with,
 
 Complete!
 [root@fed14-64-cli01 yum.repos.d]# ipa-client-install
 DNS discovery failed to determine your DNS domain
 Please provide the domain name of your IPA server (ex: example.com): ipa.ac.nz
 Retrieving CA from dc0002.ipa.ac.nz failed.
 Command '/usr/bin/wget -O /tmp/tmpzR381G/ca.crt 
 http://dc0002.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 4
 [root@fed14-64-cli01 yum.repos.d]#
 
 So its asking the dns server for the cert which doesnt have it instead of the 
 ipa serverwhich does.
 
 I think the install script needs some work
 
 regards

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server --domain=domain

Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread tomasz.napier...@allegro.pl

On 2011-03-29, at 10:20, Martin Kosek wrote:

 On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
 
 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

In AD managed zone that would be domain controller itself.

pz
-- 
Tomasz Z. Napierała
Systems Architecture Engineer,
IT Infrastructure Department
Allegro Team
http://www.allegro.pl/

Grupa Allegro Sp. z o.o. z siedzibą w Poznaniu, 60-324 Poznań, przy ul. 
Marcelińskiej 90, wpisana do rejestru przedsiębiorców prowadzonego przez Sąd 
Rejonowy Poznań - Nowe Miasto i Wilda, Wydział VIII Gospodarczy Krajowego 
Rejestru Sądowego pod numerem KRS 268796, o kapitale zakładowym w wysokości 
33 474 500 zł, posiadająca numer identyfikacji podatkowej NIP: 5272525995.


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] client setup failure

2011-03-29 Thread Martin Kosek
On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
 On 2011-03-29, at 10:20, Martin Kosek wrote:
 
  On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
  
  What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
  installation uses this DNS record in an autodiscovery of IPA server in
  the given DNS domain.
 
 In AD managed zone that would be domain controller itself.
 
 pz

You are right. In that case the autodiscovery have to be skipped and
--server/--domain parameters need to be added to the client installation
script manually.

Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Martin Kosek wrote:

On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:

On 2011-03-29, at 10:20, Martin Kosek wrote:


On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.


In AD managed zone that would be domain controller itself.

pz


You are right. In that case the autodiscovery have to be skipped and
--server/--domain parameters need to be added to the client installation
script manually.

Martin


Yes, please try with --server as a workaround.

This is a rather tricky one. We fetch the IPA CA so we can make a TLS 
connection and gather some data for autodiscovery. I guess we need to 
make the failure to retrieve the CA non-fatal, I'm just not sure what 
other implications that will have. I thought we passed along the 
provided server to to autodiscovery so this wouldn't happen.


I've opened https://fedorahosted.org/freeipa/ticket/1135 to track this.

thanks

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server --domain=domain

Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
How do I add these manually to the script?  

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Martin Kosek [mko...@redhat.com]
Sent: Tuesday, 29 March 2011 11:52 p.m.
To: tomasz.napier...@allegro.pl
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On Tue, 2011-03-29 at 12:49 +0200, tomasz.napier...@allegro.pl wrote:
 On 2011-03-29, at 10:20, Martin Kosek wrote:

  On Tue, 2011-03-29 at 00:08 +, Steven Jones wrote:
 
  What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
  installation uses this DNS record in an autodiscovery of IPA server in
  the given DNS domain.

 In AD managed zone that would be domain controller itself.

 pz

You are right. In that case the autodiscovery have to be skipped and
--server/--domain parameters need to be added to the client installation
script manually.

Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Dmitri Pal
On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server --domain=domain


That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Dmitri Pal wrote:

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server  --domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


This is a different problem. The retrieval of the CA during discovery 
(which we always do) is causing the install to quit.


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
Hi,

This is RC3 on F14 which seems to be the latest available for F14?, guess you 
need a rc4..not F15 with 2.0that's alphaI have enough bugs to 
battle with.  

regards



From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server --domain=domain


That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
What do I put in the python script as a work around?

regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server --domain=domain


That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

What do I put in the python script as a work around?


https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html



regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server  --domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
uh OK.but why is it ignoring my --server and --domain ? and going to the dc 
for the certificate?

This ticket still does not help me proceed

regards



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 What do I put in the python script as a work around?

https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html


 regards
 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
 behalf of Dmitri Pal [d...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:29 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server  --domain=domain


 That was the bug that we fixed last week.
 Rob, did it make the GA?
 Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager IPA project,
 Red Hat Inc.


 ---
 Looking to carve out IT costs?
 www.redhat.com/carveoutcosts/



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

uh OK.but why is it ignoring my --server and --domain ? and going to the dc 
for the certificate?

This ticket still does not help me proceed


You need --force as well.

We try very hard not to hardcode values into the configuration files 
which is why we always autodiscover.


With the patch and --force it should push through and complete the 
installation.


rob



regards



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What do I put in the python script as a work around?


https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html



regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server   --domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users




___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
I used --force as wellit still ignores it

regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 uh OK.but why is it ignoring my --server and --domain ? and going to the 
 dc for the certificate?

 This ticket still does not help me proceed

You need --force as well.

We try very hard not to hardcode values into the configuration files
which is why we always autodiscover.

With the patch and --force it should push through and complete the
installation.

rob


 regards


 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:50 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 What do I put in the python script as a work around?

 https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html


 regards
 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
 behalf of Dmitri Pal [d...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:29 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server   --domain=domain


 That was the bug that we fixed last week.
 Rob, did it make the GA?
 Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager IPA project,
 Red Hat Inc.


 ---
 Looking to carve out IT costs?
 www.redhat.com/carveoutcosts/



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

I used --force as wellit still ignores it


More information would be helpful. Ignores it how, what error messages 
do you get, etc.


rob



regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

uh OK.but why is it ignoring my --server and --domain ? and going to the dc 
for the certificate?

This ticket still does not help me proceed


You need --force as well.

We try very hard not to hardcode values into the configuration files
which is why we always autodiscover.

With the patch and --force it should push through and complete the
installation.

rob



regards



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What do I put in the python script as a work around?


https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html



regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server--domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users






___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
[root@fed14-64-cli01 tmp]# ipa-client-install --server 
fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Retrieving CA from dc0001.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt 
http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
[root@fed14-64-cli01 tmp]#

So the client isnt appearing in the IPA web gui.so its a total failure to 
join...

regards


From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 I used --force as wellit still ignores it

More information would be helpful. Ignores it how, what error messages
do you get, etc.

rob


 regards
 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:58 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 uh OK.but why is it ignoring my --server and --domain ? and going to the 
 dc for the certificate?

 This ticket still does not help me proceed

 You need --force as well.

 We try very hard not to hardcode values into the configuration files
 which is why we always autodiscover.

 With the patch and --force it should push through and complete the
 installation.

 rob


 regards


 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:50 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 What do I put in the python script as a work around?

 https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html


 regards
 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] 
 on behalf of Dmitri Pal [d...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:29 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the cert 
 isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server--domain=domain


 That was the bug that we fixed last week.
 Rob, did it make the GA?
 Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager IPA project,
 Red Hat Inc.


 ---
 Looking to carve out IT costs?
 www.redhat.com/carveoutcosts/



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users




___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

[root@fed14-64-cli01 tmp]# ipa-client-install --server 
fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Retrieving CA from dc0001.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt 
http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
[root@fed14-64-cli01 tmp]#

So the client isnt appearing in the IPA web gui.so its a total failure to 
join...


The patch hasn't been applied. It will cause the wget to be non-fatal, 
it will just log and return.


rob



regards


From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

I used --force as wellit still ignores it


More information would be helpful. Ignores it how, what error messages
do you get, etc.

rob



regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

uh OK.but why is it ignoring my --server and --domain ? and going to the dc 
for the certificate?

This ticket still does not help me proceed


You need --force as well.

We try very hard not to hardcode values into the configuration files
which is why we always autodiscover.

With the patch and --force it should push through and complete the
installation.

rob



regards



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What do I put in the python script as a work around?


https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html



regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server --domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users








___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
What patch?

and how do I apply it?

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:16 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 [root@fed14-64-cli01 tmp]# ipa-client-install --server 
 fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
 Retrieving CA from dc0001.ipa.ac.nz failed.
 Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt 
 http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
 [root@fed14-64-cli01 tmp]#

 So the client isnt appearing in the IPA web gui.so its a total failure to 
 join...

The patch hasn't been applied. It will cause the wget to be non-fatal,
it will just log and return.

rob


 regards

 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 9:03 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 I used --force as wellit still ignores it

 More information would be helpful. Ignores it how, what error messages
 do you get, etc.

 rob


 regards
 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:58 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 uh OK.but why is it ignoring my --server and --domain ? and going to 
 the dc for the certificate?

 This ticket still does not help me proceed

 You need --force as well.

 We try very hard not to hardcode values into the configuration files
 which is why we always autodiscover.

 With the patch and --force it should push through and complete the
 installation.

 rob


 regards


 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:50 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 What do I put in the python script as a work around?

 https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html


 regards
 
 From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] 
 on behalf of Dmitri Pal [d...@redhat.com]
 Sent: Wednesday, 30 March 2011 8:29 a.m.
 To: freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 On 03/29/2011 03:26 PM, Steven Jones wrote:
 Hi,

 The DNS is in AD so it cant be set to suit IPA

 I did as below and even with --force your script ignores these flags, it 
 insists on doing AD lookups and gets the AD infoand obviously the 
 cert isnt on the AD box.

 8

 What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
 installation uses this DNS record in an autodiscovery of IPA server in
 the given DNS domain.

 You may want to check the DNS record or set the domain and server
 manually:

 # ipa-client-install --server=your_IPA_server --domain=domain


 That was the bug that we fixed last week.
 Rob, did it make the GA?
 Or the bits you are using are not GA.

 Regards,
 Martin

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users


 --
 Thank you,
 Dmitri Pal

 Sr. Engineering Manager IPA project,
 Red Hat Inc.


 ---
 Looking to carve out IT costs?
 www.redhat.com/carveoutcosts/



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users





___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

What patch?

and how do I apply it?


You asked What do I put in the python script as a work around? and I 
pointed you to the patch in 
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html


It is just a 2-liner, you should be able to easily make the changes by hand.

rob



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:16 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

[root@fed14-64-cli01 tmp]# ipa-client-install --server 
fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Retrieving CA from dc0001.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt 
http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
[root@fed14-64-cli01 tmp]#

So the client isnt appearing in the IPA web gui.so its a total failure to 
join...


The patch hasn't been applied. It will cause the wget to be non-fatal,
it will just log and return.

rob



regards


From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

I used --force as wellit still ignores it


More information would be helpful. Ignores it how, what error messages
do you get, etc.

rob



regards

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:58 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

uh OK.but why is it ignoring my --server and --domain ? and going to the dc 
for the certificate?

This ticket still does not help me proceed


You need --force as well.

We try very hard not to hardcode values into the configuration files
which is why we always autodiscover.

With the patch and --force it should push through and complete the
installation.

rob



regards



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 8:50 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What do I put in the python script as a work around?


https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html



regards

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Dmitri Pal [d...@redhat.com]
Sent: Wednesday, 30 March 2011 8:29 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

On 03/29/2011 03:26 PM, Steven Jones wrote:

Hi,

The DNS is in AD so it cant be set to suit IPA

I did as below and even with --force your script ignores these flags, it 
insists on doing AD lookups and gets the AD infoand obviously the cert isnt 
on the AD box.

8

What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
installation uses this DNS record in an autodiscovery of IPA server in
the given DNS domain.

You may want to check the DNS record or set the domain and server
manually:

# ipa-client-install --server=your_IPA_server  --domain=domain



That was the bug that we fixed last week.
Rob, did it make the GA?
Or the bits you are using are not GA.


Regards,
Martin

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users










___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones


From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:24 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 What patch?

 and how do I apply it?

You asked What do I put in the python script as a work around? and I
pointed you to the patch in
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob

8

Interesting assumptionand no it could be japanese or something Im not a 
programmer.

regards



___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:24 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What patch?

and how do I apply it?


You asked What do I put in the python script as a work around? and I
pointed you to the patch in
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob

8

Interesting assumptionand no it could be japanese or something Im not a 
programmer.

regards




# cd /usr/lib/python2.7/site-packages
# patch -p2  /path/to/freeipa-rcrit-758-client.patch

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
Hi,

Thanks, but still no luck,

Obviously dc0001 isnt the IPA server.

[root@fed14-64-cli01 site-packages]# patch -p2  ~jonesst1/binFtBcaDVUoI.bin 
patching file ipaclient/ipadiscovery.py
[root@fed14-64-cli01 site-packages]# ipa-client-install --server 
fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
[root@fed14-64-cli01 site-packages]# 

regards

Steven

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 10:06 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 9:24 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 What patch?

 and how do I apply it?

 You asked What do I put in the python script as a work around? and I
 pointed you to the patch in
 https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

 It is just a 2-liner, you should be able to easily make the changes by hand.

 rob

 8

 Interesting assumptionand no it could be japanese or something Im not a 
 programmer.

 regards



# cd /usr/lib/python2.7/site-packages
# patch -p2  /path/to/freeipa-rcrit-758-client.patch

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Rob Crittenden

Steven Jones wrote:

Hi,

Thanks, but still no luck,

Obviously dc0001 isnt the IPA server.

[root@fed14-64-cli01 site-packages]# patch -p2  ~jonesst1/binFtBcaDVUoI.bin
patching file ipaclient/ipadiscovery.py
[root@fed14-64-cli01 site-packages]# ipa-client-install --server 
fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
This may mean that the remote server is not up or is not reachable
due to network or firewall settings.
[root@fed14-64-cli01 site-packages]#


We must have made other changes to this since rc3. You can try building 
the 2.0.0 rpms on F-14 using the F-15 src.rpm. You'd still need this 
patch though.


rob



regards

Steven

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 10:06 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:



From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 9:24 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:

What patch?

and how do I apply it?


You asked What do I put in the python script as a work around? and I
pointed you to the patch in
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob

8

Interesting assumptionand no it could be japanese or something Im not a 
programmer.

regards




# cd /usr/lib/python2.7/site-packages
# patch -p2  /path/to/freeipa-rcrit-758-client.patch

rob


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] client setup failure

2011-03-29 Thread Steven Jones
Hi

Way too time consuming and too much of a challenge.I will abandon IPA for 
now..

Thanks.

Might re-visit on F14 rc4 or something.

I think you really need to re-examine how you do your development.too many 
things being developed and on a developing platform is stupidity IMHO.  F15 
itself is alpha codecrazy

regards

Steven

From: Rob Crittenden [rcrit...@redhat.com]
Sent: Wednesday, 30 March 2011 10:23 a.m.
To: Steven Jones
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
 Hi,

 Thanks, but still no luck,

 Obviously dc0001 isnt the IPA server.

 [root@fed14-64-cli01 site-packages]# patch -p2  ~jonesst1/binFtBcaDVUoI.bin
 patching file ipaclient/ipadiscovery.py
 [root@fed14-64-cli01 site-packages]# ipa-client-install --server 
 fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
 Failed to verify that dc0001.ipa.ac.nz is an IPA Server.
 This may mean that the remote server is not up or is not reachable
 due to network or firewall settings.
 [root@fed14-64-cli01 site-packages]#

We must have made other changes to this since rc3. You can try building
the 2.0.0 rpms on F-14 using the F-15 src.rpm. You'd still need this
patch though.

rob


 regards

 Steven
 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 10:06 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:

 
 From: Rob Crittenden [rcrit...@redhat.com]
 Sent: Wednesday, 30 March 2011 9:24 a.m.
 To: Steven Jones
 Cc: d...@redhat.com; freeipa-users@redhat.com
 Subject: Re: [Freeipa-users] client setup failure

 Steven Jones wrote:
 What patch?

 and how do I apply it?

 You asked What do I put in the python script as a work around? and I
 pointed you to the patch in
 https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

 It is just a 2-liner, you should be able to easily make the changes by hand.

 rob

 8

 Interesting assumptionand no it could be japanese or something Im not a 
 programmer.

 regards



 # cd /usr/lib/python2.7/site-packages
 # patch -p2  /path/to/freeipa-rcrit-758-client.patch

 rob


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users