[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] ipa-client-install errors via kickstart



On 06/26/2011 08:35 AM, Charlie Derwent wrote:


On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <rcritten redhat com> wrote:
Charlie Derwent wrote:


On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcritten redhat com
<mailto:rcritten redhat com>> wrote:

   Charlie Derwent wrote:

       Hi

       I'm running FreeIPA server on F14 and connecting to a F14
       client. When I
       run ipa-client-install (via kickstart or after the client has
       installed)
       I'm getting the following error message.

       root        : DEBUG
       root        : ERROR    LDAP Error: Connect error: Start TLS request
       accepted. Server willing to negotiate SSL
       Failed to verify that ipa.test.net <http://ipa.test.net>
       <http://ipa.test.net> is an IPA server

       This may mean that the remote server is not up or is not
       reachable due
       to network or firewall settings


   What version of IPA are you running on the client and server?

Server is running 2.0.0.rc3-0
F14 Client is running  2.0.0.rc3-0
RHEL 5.6 Clients are running 2.0-10.el5_6.1
All the boxes are 64-bit

How are you invoking ipa-client-install? The error message looks a bit odd and I'm not sure if it is a mail client mucking it up or something else (the addition of http://ipa.test.net)

rob



   Can you check the 389-ds access log to see if you can see the
   connection and any errors reported with it?

 Nothing in the access.log on the server.




       The ipa server is definately up and running, it's still
       authenticating
       other servers in the network and when I rebuild the client with
       rhel or
       centos it can enroll (almost) without issue (see below).

       The second issue was this certmonger related bug where
       certmonger fails
       to start on new install
       (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
       <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
       resolved in
       Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?


   Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
   restart messagebus after installing certmonger. Should be easy to do
   in a kickstart.


yeah got the "killall -HUP dbus-daemon" in there now.

Cheers
Charlie


   rob




Figured it out! Well partly... it's a dependency issue. I installed pretty much everything onto the box and it started to work but on my cut down server no joy. Finding the missing RPM might be a little bit more trickier unless someone could deduce what RPM's absence could cause that error?

It's hard cause it may be a dependency for the ipa-client or a dependency of a dependency and so forth!


If you are doing a DNS install for the server, you need  bind-dyndb-ldap, which is the LDAP backend for the DNS server.



Cheers
Charlie
_______________________________________________ Freeipa-users mailing list Freeipa-users redhat com https://www.redhat.com/mailman/listinfo/freeipa-users


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]