[Freeipa-users] client setup failure
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Mar 29 20:21:05 UTC 2011
What patch?
and how do I apply it?
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Wednesday, 30 March 2011 9:16 a.m.
To: Steven Jones
Cc: dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] client setup failure
Steven Jones wrote:
> [root at fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
> Retrieving CA from dc0001.ipa.ac.nz failed.
> Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
> [root at fed14-64-cli01 tmp]#
>
> So the client isnt appearing in the IPA web gui.....so its a total failure to join...
The patch hasn't been applied. It will cause the wget to be non-fatal,
it will just log and return.
rob
>
> regards
>
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Wednesday, 30 March 2011 9:03 a.m.
> To: Steven Jones
> Cc: dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] client setup failure
>
> Steven Jones wrote:
>> I used --force as well....it still ignores it....
>
> More information would be helpful. Ignores it how, what error messages
> do you get, etc.
>
> rob
>
>>
>> regards
>> ________________________________________
>> From: Rob Crittenden [rcritten at redhat.com]
>> Sent: Wednesday, 30 March 2011 8:58 a.m.
>> To: Steven Jones
>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] client setup failure
>>
>> Steven Jones wrote:
>>> uh OK.....but why is it ignoring my --server and --domain ? and going to the dc for the certificate?
>>>
>>> This ticket still does not help me proceed....
>>
>> You need --force as well.
>>
>> We try very hard not to hardcode values into the configuration files
>> which is why we always autodiscover.
>>
>> With the patch and --force it should push through and complete the
>> installation.
>>
>> rob
>>
>>>
>>> regards
>>>
>>>
>>> ________________________________________
>>> From: Rob Crittenden [rcritten at redhat.com]
>>> Sent: Wednesday, 30 March 2011 8:50 a.m.
>>> To: Steven Jones
>>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] client setup failure
>>>
>>> Steven Jones wrote:
>>>> What do I put in the python script as a work around?
>>>
>>> https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
>>>
>>>>
>>>> regards
>>>> ________________________________________
>>>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
>>>> Sent: Wednesday, 30 March 2011 8:29 a.m.
>>>> To: freeipa-users at redhat.com
>>>> Subject: Re: [Freeipa-users] client setup failure
>>>>
>>>> On 03/29/2011 03:26 PM, Steven Jones wrote:
>>>>> Hi,
>>>>>
>>>>> The DNS is in AD so it cant be set to suit IPA....
>>>>>
>>>>> I did as below and even with --force your script ignores these flags, it insists on doing AD lookups and gets the AD info....and obviously the cert isnt on the AD box.
>>>>>
>>>>> 8><--------
>>>>>
>>>>> What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>>>> installation uses this DNS record in an autodiscovery of IPA server in
>>>>> the given DNS domain.
>>>>>
>>>>> You may want to check the DNS record or set the domain and server
>>>>> manually:
>>>>>
>>>>> # ipa-client-install --server=<your_IPA_server> --domain=<domain>
>>>>>
>>>>
>>>> That was the bug that we fixed last week.
>>>> Rob, did it make the GA?
>>>> Or the bits you are using are not GA.
>>>>
>>>>> Regards,
>>>>> Martin
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IPA project,
>>>> Red Hat Inc.
>>>>
>>>>
>>>> -------------------------------
>>>> Looking to carve out IT costs?
>>>> www.redhat.com/carveoutcosts/
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
>
More information about the Freeipa-users
mailing list