[Freeipa-users] Cannot obtain CA Certificate
John Dennis
jdennis at redhat.com
Tue Feb 19 03:04:13 UTC 2013
On 02/18/2013 09:06 PM, John Moyer wrote:
> Peter,
>
> The client is pointing to DNS for the server. Here is the log info
> from the ipa-client-log (in /var/log/). I haven't tried the other stuff
> yet, I'll respond back when I get a chance to check out the CA cert things.
>
>
> 2013-02-19T02:01:37Z DEBUG args=kinit ipa-bind at EXAMPLE.COM
When the client installer tries to retrieve the CA cert from LDAP it
uses a GSSAPI bind and they error you're getting is that it cannot
perform a bind with the credentials from above.
Did you provide the password for ipa-bind? Are you running the client
install interactively?
Is the realm EXAMPLE.COM really correct?
Are you able to do a kinit for ipa-bind at EXAMPLE.COM on the client
successfully?
Are your kerberos ports open?
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list