[Freeipa-users] client setup failure

Rob Crittenden rcritten at redhat.com
Tue Mar 29 20:24:07 UTC 2011 

Steven Jones wrote:
> What patch?
>
> and how do I apply it?

You asked "What do I put in the python script as a work around?" and I 
pointed you to the patch in 
https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html

It is just a 2-liner, you should be able to easily make the changes by hand.

rob

> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Wednesday, 30 March 2011 9:16 a.m.
> To: Steven Jones
> Cc: dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] client setup failure
>
> Steven Jones wrote:
>> [root at fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
>> Retrieving CA from dc0001.ipa.ac.nz failed.
>> Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
>> [root at fed14-64-cli01 tmp]#
>>
>> So the client isnt appearing in the IPA web gui.....so its a total failure to join...
>
> The patch hasn't been applied. It will cause the wget to be non-fatal,
> it will just log and return.
>
> rob
>
>>
>> regards
>>
>> ________________________________________
>> From: Rob Crittenden [rcritten at redhat.com]
>> Sent: Wednesday, 30 March 2011 9:03 a.m.
>> To: Steven Jones
>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] client setup failure
>>
>> Steven Jones wrote:
>>> I used --force as well....it still ignores it....
>>
>> More information would be helpful. Ignores it how, what error messages
>> do you get, etc.
>>
>> rob
>>
>>>
>>> regards
>>> ________________________________________
>>> From: Rob Crittenden [rcritten at redhat.com]
>>> Sent: Wednesday, 30 March 2011 8:58 a.m.
>>> To: Steven Jones
>>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] client setup failure
>>>
>>> Steven Jones wrote:
>>>> uh OK.....but why is it ignoring my --server and --domain ? and going to the dc for the certificate?
>>>>
>>>> This ticket still does not help me proceed....
>>>
>>> You need --force as well.
>>>
>>> We try very hard not to hardcode values into the configuration files
>>> which is why we always autodiscover.
>>>
>>> With the patch and --force it should push through and complete the
>>> installation.
>>>
>>> rob
>>>
>>>>
>>>> regards
>>>>
>>>>
>>>> ________________________________________
>>>> From: Rob Crittenden [rcritten at redhat.com]
>>>> Sent: Wednesday, 30 March 2011 8:50 a.m.
>>>> To: Steven Jones
>>>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>>>> Subject: Re: [Freeipa-users] client setup failure
>>>>
>>>> Steven Jones wrote:
>>>>> What do I put in the python script as a work around?
>>>>
>>>> https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
>>>>
>>>>>
>>>>> regards
>>>>> ________________________________________
>>>>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
>>>>> Sent: Wednesday, 30 March 2011 8:29 a.m.
>>>>> To: freeipa-users at redhat.com
>>>>> Subject: Re: [Freeipa-users] client setup failure
>>>>>
>>>>> On 03/29/2011 03:26 PM, Steven Jones wrote:
>>>>>> Hi,
>>>>>>
>>>>>> The DNS is in AD so it cant be set to suit IPA....
>>>>>>
>>>>>> I did as below and even with --force your script ignores these flags, it insists on doing AD lookups and gets the AD info....and obviously the cert isnt on the AD box.
>>>>>>
>>>>>> 8><--------
>>>>>>
>>>>>> What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>>>>> installation uses this DNS record in an autodiscovery of IPA server in
>>>>>> the given DNS domain.
>>>>>>
>>>>>> You may want to check the DNS record or set the domain and server
>>>>>> manually:
>>>>>>
>>>>>> # ipa-client-install --server=<your_IPA_server>      --domain=<domain>
>>>>>>
>>>>>
>>>>> That was the bug that we fixed last week.
>>>>> Rob, did it make the GA?
>>>>> Or the bits you are using are not GA.
>>>>>
>>>>>> Regards,
>>>>>> Martin
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-users mailing list
>>>>>> Freeipa-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-users mailing list
>>>>>> Freeipa-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>>>
>>>>> --
>>>>> Thank you,
>>>>> Dmitri Pal
>>>>>
>>>>> Sr. Engineering Manager IPA project,
>>>>> Red Hat Inc.
>>>>>
>>>>>
>>>>> -------------------------------
>>>>> Looking to carve out IT costs?
>>>>> www.redhat.com/carveoutcosts/
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-users mailing list
>>>>> Freeipa-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>
>

More information about the Freeipa-users mailing list