Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Adam Young

On 06/26/2011 08:35 AM, Charlie Derwent wrote:



On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.com 
mailto:rcrit...@redhat.com wrote:


Charlie Derwent wrote:



On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com
mailto:rcrit...@redhat.com mailto:rcrit...@redhat.com wrote:

   Charlie Derwent wrote:

   Hi

   I'm running FreeIPA server on F14 and connecting to a F14
   client. When I
   run ipa-client-install (via kickstart or after the
client has
   installed)
   I'm getting the following error message.

   root: DEBUG
   root: ERRORLDAP Error: Connect error: Start
TLS request
   accepted. Server willing to negotiate SSL
   Failed to verify that ipa.test.net
http://ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

   This may mean that the remote server is not up or is not
   reachable due
   to network or firewall settings


   What version of IPA are you running on the client and server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit


How are you invoking ipa-client-install? The error message looks a
bit odd and I'm not sure if it is a mail client mucking it up or
something else (the addition of http://ipa.test.net)

rob



   Can you check the 389-ds access log to see if you can see the
   connection and any errors reported with it?

 Nothing in the access.log on the server.




   The ipa server is definately up and running, it's still
   authenticating
   other servers in the network and when I rebuild the
client with
   rhel or
   centos it can enroll (almost) without issue (see below).

   The second issue was this certmonger related bug where
   certmonger fails
   to start on new install
   (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
   resolved in
   Red Hat 5 as I think i'm expering the issue with my
RH5u6 clients?


   Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix
is to
   restart messagebus after installing certmonger. Should be
easy to do
   in a kickstart.


yeah got the killall -HUP dbus-daemon in there now.

Cheers
Charlie


   rob




Figured it out! Well partly... it's a dependency issue. I installed 
pretty much everything onto the box and it started to work but on my 
cut down server no joy. Finding the missing RPM might be a little bit 
more trickier unless someone could deduce what RPM's absence could 
cause that error?


It's hard cause it may be a dependency for the ipa-client or a 
dependency of a dependency and so forth!



If you are doing a DNS install for the server, you need  
bind-dyndb-ldap, which is the LDAP backend for the DNS server.





Cheers
Charlie


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Charlie Derwent
On Mon, Jun 27, 2011 at 2:07 PM, Adam Young ayo...@redhat.com wrote:

 **
 On 06/26/2011 08:35 AM, Charlie Derwent wrote:



 On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.comwrote:

 Charlie Derwent wrote:



 On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
  mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:

Hi

I'm running FreeIPA server on F14 and connecting to a F14
client. When I
run ipa-client-install (via kickstart or after the client has
installed)
I'm getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS
 request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

This may mean that the remote server is not up or is not
reachable due
to network or firewall settings


What version of IPA are you running on the client and server?

 Server is running 2.0.0.rc3-0
 F14 Client is running  2.0.0.rc3-0
 RHEL 5.6 Clients are running 2.0-10.el5_6.1
 All the boxes are 64-bit


 How are you invoking ipa-client-install? The error message looks a bit odd
 and I'm not sure if it is a mail client mucking it up or something else (the
 addition of http://ipa.test.net)

 rob



Can you check the 389-ds access log to see if you can see the
connection and any errors reported with it?

  Nothing in the access.log on the server.




The ipa server is definately up and running, it's still
authenticating
other servers in the network and when I rebuild the client with
rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where
certmonger fails
to start on new install
(https://bugzilla.redhat.com/__show_bug.cgi?id=636894
https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
restart messagebus after installing certmonger. Should be easy to do
in a kickstart.


 yeah got the killall -HUP dbus-daemon in there now.

 Cheers
 Charlie


rob




 Figured it out! Well partly... it's a dependency issue. I installed pretty
 much everything onto the box and it started to work but on my cut down
 server no joy. Finding the missing RPM might be a little bit more trickier
 unless someone could deduce what RPM's absence could cause that error?

 It's hard cause it may be a dependency for the ipa-client or a dependency
 of a dependency and so forth!


 If you are doing a DNS install for the server, you need  bind-dyndb-ldap,
 which is the LDAP backend for the DNS server.


This was a client side issue (apologies for saying cut down server I meant
server in a hardware sense rather that server/client model). But yeah
bind-dyndb-ldap is installed on my server.

Charlie


 Cheers
 Charlie


 ___
 Freeipa-users mailing 
 listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users



 ___
 Freeipa-users mailing list
 Freeipa-users@redhat.com
 https://www.redhat.com/mailman/listinfo/freeipa-users

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Rob Crittenden

Charlie Derwent wrote:



On Mon, Jun 27, 2011 at 2:07 PM, Adam Young ayo...@redhat.com
mailto:ayo...@redhat.com wrote:

__
On 06/26/2011 08:35 AM, Charlie Derwent wrote:



On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:



On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com
mailto:rcrit...@redhat.com mailto:rcrit...@redhat.com
wrote:

   Charlie Derwent wrote:

   Hi

   I'm running FreeIPA server on F14 and connecting to
a F14
   client. When I
   run ipa-client-install (via kickstart or after the
client has
   installed)
   I'm getting the following error message.

   root: DEBUG
   root: ERRORLDAP Error: Connect error:
Start TLS request
   accepted. Server willing to negotiate SSL
   Failed to verify that ipa.test.net
http://ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

   This may mean that the remote server is not up or
is not
   reachable due
   to network or firewall settings


   What version of IPA are you running on the client and
server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit


How are you invoking ipa-client-install? The error message
looks a bit odd and I'm not sure if it is a mail client
mucking it up or something else (the addition of
http://ipa.test.net)

rob



   Can you check the 389-ds access log to see if you can
see the
   connection and any errors reported with it?

 Nothing in the access.log on the server.




   The ipa server is definately up and running, it's still
   authenticating
   other servers in the network and when I rebuild the
client with
   rhel or
   centos it can enroll (almost) without issue (see
below).

   The second issue was this certmonger related bug where
   certmonger fails
   to start on new install
   (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
   resolved in
   Red Hat 5 as I think i'm expering the issue with my
RH5u6 clients?


   Looks like it wasn't fixed in RHEL 5.x. IIRC the simple
fix is to
   restart messagebus after installing certmonger. Should
be easy to do
   in a kickstart.


yeah got the killall -HUP dbus-daemon in there now.

Cheers
Charlie


   rob




Figured it out! Well partly... it's a dependency issue. I
installed pretty much everything onto the box and it started to
work but on my cut down server no joy. Finding the missing RPM
might be a little bit more trickier unless someone could deduce
what RPM's absence could cause that error?

It's hard cause it may be a dependency for the ipa-client or a
dependency of a dependency and so forth!


If you are doing a DNS install for the server, you need
bind-dyndb-ldap, which is the LDAP backend for the DNS server.


This was a client side issue (apologies for saying cut down server I
meant server in a hardware sense rather that server/client model). But
yeah bind-dyndb-ldap is installed on my server.



A brute force way would be to do rpm -qa  list on both installs so we 
can compare the two and try to find some important difference.


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-27 Thread Adam Young

On 06/27/2011 11:01 AM, Rob Crittenden wrote:

Charlie Derwent wrote:



On Mon, Jun 27, 2011 at 2:07 PM, Adam Young ayo...@redhat.com
mailto:ayo...@redhat.com wrote:

__
On 06/26/2011 08:35 AM, Charlie Derwent wrote:



On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:



On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
rcrit...@redhat.com mailto:rcrit...@redhat.com
mailto:rcrit...@redhat.com mailto:rcrit...@redhat.com
wrote:

   Charlie Derwent wrote:

   Hi

   I'm running FreeIPA server on F14 and connecting to
a F14
   client. When I
   run ipa-client-install (via kickstart or after the
client has
   installed)
   I'm getting the following error message.

   root: DEBUG
   root: ERRORLDAP Error: Connect error:
Start TLS request
   accepted. Server willing to negotiate SSL
   Failed to verify that ipa.test.net
http://ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

   This may mean that the remote server is not up or
is not
   reachable due
   to network or firewall settings


   What version of IPA are you running on the client and
server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit


How are you invoking ipa-client-install? The error message
looks a bit odd and I'm not sure if it is a mail client
mucking it up or something else (the addition of
http://ipa.test.net)

rob



   Can you check the 389-ds access log to see if you can
see the
   connection and any errors reported with it?

 Nothing in the access.log on the server.




   The ipa server is definately up and running, it's 
still

   authenticating
   other servers in the network and when I rebuild the
client with
   rhel or
   centos it can enroll (almost) without issue (see
below).

   The second issue was this certmonger related bug 
where

   certmonger fails
   to start on new install
   
(https://bugzilla.redhat.com/__show_bug.cgi?id=636894

https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
   resolved in
   Red Hat 5 as I think i'm expering the issue with my
RH5u6 clients?


   Looks like it wasn't fixed in RHEL 5.x. IIRC the simple
fix is to
   restart messagebus after installing certmonger. Should
be easy to do
   in a kickstart.


yeah got the killall -HUP dbus-daemon in there now.

Cheers
Charlie


   rob




Figured it out! Well partly... it's a dependency issue. I
installed pretty much everything onto the box and it started to
work but on my cut down server no joy. Finding the missing RPM
might be a little bit more trickier unless someone could deduce
what RPM's absence could cause that error?

It's hard cause it may be a dependency for the ipa-client or a
dependency of a dependency and so forth!


If you are doing a DNS install for the server, you need
bind-dyndb-ldap, which is the LDAP backend for the DNS server.


This was a client side issue (apologies for saying cut down server I
meant server in a hardware sense rather that server/client model). But
yeah bind-dyndb-ldap is installed on my server.



A brute force way would be to do rpm -qa  list on both installs so we 
can compare the two and try to find some important difference.


rob


Would the client install log report an error if something was missing?

/var/log/ipaclient-install.log

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-26 Thread Charlie Derwent
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.com wrote:

 Charlie Derwent wrote:



 On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
 mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:

Hi

I'm running FreeIPA server on F14 and connecting to a F14
client. When I
run ipa-client-install (via kickstart or after the client has
installed)
I'm getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

This may mean that the remote server is not up or is not
reachable due
to network or firewall settings


What version of IPA are you running on the client and server?

 Server is running 2.0.0.rc3-0
 F14 Client is running  2.0.0.rc3-0
 RHEL 5.6 Clients are running 2.0-10.el5_6.1
 All the boxes are 64-bit


 How are you invoking ipa-client-install? The error message looks a bit odd
 and I'm not sure if it is a mail client mucking it up or something else (the
 addition of http://ipa.test.net)

 rob



Can you check the 389-ds access log to see if you can see the
connection and any errors reported with it?

  Nothing in the access.log on the server.




The ipa server is definately up and running, it's still
authenticating
other servers in the network and when I rebuild the client with
rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where
certmonger fails
to start on new install

 (https://bugzilla.redhat.com/_**_show_bug.cgi?id=636894https://bugzilla.redhat.com/__show_bug.cgi?id=636894

 https://bugzilla.redhat.com/**show_bug.cgi?id=636894https://bugzilla.redhat.com/show_bug.cgi?id=636894)
 was it
resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
restart messagebus after installing certmonger. Should be easy to do
in a kickstart.


 yeah got the killall -HUP dbus-daemon in there now.

 Cheers
 Charlie


rob




Figured it out! Well partly... it's a dependency issue. I installed pretty
much everything onto the box and it started to work but on my cut down
server no joy. Finding the missing RPM might be a little bit more trickier
unless someone could deduce what RPM's absence could cause that error?

It's hard cause it may be a dependency for the ipa-client or a dependency of
a dependency and so forth!

Cheers
Charlie
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-23 Thread Charlie Derwent
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.comwrote:

 Charlie Derwent wrote:

 Hi

 I'm running FreeIPA server on F14 and connecting to a F14 client. When I
 run ipa-client-install (via kickstart or after the client has installed)
 I'm getting the following error message.

 root: DEBUG
 root: ERRORLDAP Error: Connect error: Start TLS request
 accepted. Server willing to negotiate SSL
 Failed to verify that ipa.test.net http://ipa.test.net is an IPA server

 This may mean that the remote server is not up or is not reachable due
 to network or firewall settings


 What version of IPA are you running on the client and server?


Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit



Can you check the 389-ds access log to see if you can see the connection and
 any errors reported with it?

  Nothing in the access.log on the server.




 The ipa server is definately up and running, it's still authenticating
 other servers in the network and when I rebuild the client with rhel or
 centos it can enroll (almost) without issue (see below).

 The second issue was this certmonger related bug where certmonger fails
 to start on new install
 (https://bugzilla.redhat.com/**show_bug.cgi?id=636894https://bugzilla.redhat.com/show_bug.cgi?id=636894)
 was it resolved in
 Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


 Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to restart
 messagebus after installing certmonger. Should be easy to do in a kickstart.


yeah got the killall -HUP dbus-daemon in there now.

Cheers
Charlie


 rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-23 Thread Rob Crittenden

Charlie Derwent wrote:



On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:

Hi

I'm running FreeIPA server on F14 and connecting to a F14
client. When I
run ipa-client-install (via kickstart or after the client has
installed)
I'm getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

This may mean that the remote server is not up or is not
reachable due
to network or firewall settings


What version of IPA are you running on the client and server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit


How are you invoking ipa-client-install? The error message looks a bit 
odd and I'm not sure if it is a mail client mucking it up or something 
else (the addition of http://ipa.test.net)


rob



Can you check the 389-ds access log to see if you can see the
connection and any errors reported with it?

  Nothing in the access.log on the server.




The ipa server is definately up and running, it's still
authenticating
other servers in the network and when I rebuild the client with
rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where
certmonger fails
to start on new install
(https://bugzilla.redhat.com/__show_bug.cgi?id=636894
https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
restart messagebus after installing certmonger. Should be easy to do
in a kickstart.


yeah got the killall -HUP dbus-daemon in there now.

Cheers
Charlie


rob




___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-23 Thread Charlie Derwent
On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden rcrit...@redhat.com wrote:

 Charlie Derwent wrote:



 On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden rcrit...@redhat.com
 mailto:rcrit...@redhat.com wrote:

Charlie Derwent wrote:

Hi

I'm running FreeIPA server on F14 and connecting to a F14
client. When I
run ipa-client-install (via kickstart or after the client has
installed)
I'm getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net http://ipa.test.net
http://ipa.test.net is an IPA server

This may mean that the remote server is not up or is not
reachable due
to network or firewall settings


What version of IPA are you running on the client and server?

 Server is running 2.0.0.rc3-0
 F14 Client is running  2.0.0.rc3-0
 RHEL 5.6 Clients are running 2.0-10.el5_6.1
 All the boxes are 64-bit


 How are you invoking ipa-client-install? The error message looks a bit odd
 and I'm not sure if it is a mail client mucking it up or something else (the
 addition of http://ipa.test.net)

 rob

 Yeah thats a mail client quirk there was only one http://ipa.test.net in
my original email.

I'm getting the same error if I run ipa-client-install with no switches or
ipa-client-install --server=ipa.test.net --domain=test.net
--realm=TEST.NEThttp://test.net/etc... there are other switches I
have in my kickstart scripts but I'm not
at the lab right now so I couldn't tell you what they are, suffice to say
I'm connecting without any issue if I rekick a rhel or centos build on the
exact same server.

The really weird thing is I have an older box I built to F14 a few weeks ago
and that's been connected for weeks with the exact same client rpm, I just
hope I don't have to rebuild it! Is there anyway to check if the
dependencies between the two builds vary?

Charlie



Can you check the 389-ds access log to see if you can see the
connection and any errors reported with it?

  Nothing in the access.log on the server.




The ipa server is definately up and running, it's still
authenticating
other servers in the network and when I rebuild the client with
rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where
certmonger fails
to start on new install

 (https://bugzilla.redhat.com/_**_show_bug.cgi?id=636894https://bugzilla.redhat.com/__show_bug.cgi?id=636894

 https://bugzilla.redhat.com/**show_bug.cgi?id=636894https://bugzilla.redhat.com/show_bug.cgi?id=636894)
 was it
resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
restart messagebus after installing certmonger. Should be easy to do
in a kickstart.


 yeah got the killall -HUP dbus-daemon in there now.

 Cheers
 Charlie


rob




___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-22 Thread Steven Jones
Hi,

2.0 or 1.2?

Also ppl who know way more than me always seem to want the logs.

;]

regards

Steven

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Charlie Derwent [shelltoesupers...@gmail.com]
Sent: Wednesday, 22 June 2011 9:44 p.m.
To: freeipa-users@redhat.com
Subject: [Freeipa-users] ipa-client-install errors via kickstart

Hi

I'm running FreeIPA server on F14 and connecting to a F14 client. When I run 
ipa-client-install (via kickstart or after the client has installed) I'm 
getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS request accepted. 
Server willing to negotiate SSL
Failed to verify that ipa.test.nethttp://ipa.test.net is an IPA server
This may mean that the remote server is not up or is not reachable due to 
network or firewall settings



The ipa server is definately up and running, it's still authenticating other 
servers in the network and when I rebuild the client with rhel or centos it can 
enroll (almost) without issue (see below).

The second issue was this certmonger related bug where  certmonger fails to 
start on new install (https://bugzilla.redhat.com/show_bug.cgi?id=636894) was 
it resolved in Red Hat 5 as I think i'm expering the issue with my RH5u6 
clients?

Thanks
Charlie

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


Re: [Freeipa-users] ipa-client-install errors via kickstart

2011-06-22 Thread Rob Crittenden

Charlie Derwent wrote:

Hi

I'm running FreeIPA server on F14 and connecting to a F14 client. When I
run ipa-client-install (via kickstart or after the client has installed)
I'm getting the following error message.

root: DEBUG
root: ERRORLDAP Error: Connect error: Start TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net http://ipa.test.net is an IPA server
This may mean that the remote server is not up or is not reachable due
to network or firewall settings


What version of IPA are you running on the client and server?

Can you check the 389-ds access log to see if you can see the connection 
and any errors reported with it?






The ipa server is definately up and running, it's still authenticating
other servers in the network and when I rebuild the client with rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where certmonger fails
to start on new install
(https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to 
restart messagebus after installing certmonger. Should be easy to do in 
a kickstart.


rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users