[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] ipa-client-install errors via kickstart





On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcritten redhat com> wrote:
Charlie Derwent wrote:
Hi

I'm running FreeIPA server on F14 and connecting to a F14 client. When I
run ipa-client-install (via kickstart or after the client has installed)
I'm getting the following error message.

root        : DEBUG
root        : ERROR    LDAP Error: Connect error: Start TLS request
accepted. Server willing to negotiate SSL
Failed to verify that ipa.test.net <http://ipa.test.net> is an IPA server

This may mean that the remote server is not up or is not reachable due
to network or firewall settings

What version of IPA are you running on the client and server?
 
Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit

 
Can you check the 389-ds access log to see if you can see the connection and any errors reported with it?

 Nothing in the access.log on the server.




The ipa server is definately up and running, it's still authenticating
other servers in the network and when I rebuild the client with rhel or
centos it can enroll (almost) without issue (see below).

The second issue was this certmonger related bug where certmonger fails
to start on new install
(https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it resolved in
Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?

Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to restart messagebus after installing certmonger. Should be easy to do in a kickstart.

yeah got the "killall -HUP dbus-daemon" in there now.

Cheers
Charlie

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]