[Freeipa-users] Cannot obtain CA Certificate

John Moyer john.moyer at digitalreasoning.com
Tue Feb 26 16:55:10 UTC 2013


Sorry for the late response. I tried this, and it changed the error to the following:

Synchronizing time with KDC...

Joining realm failed: HTTP response code is 401, not 200
Installation failed. Rolling back changes.



Looking at debug, this is what I see:

< HTTP/1.1 401 Authorization Required
< Date: Tue, 26 Feb 2013 16:54:21 GMT
< Server: Apache/2.2.15 (CentOS)
* gss_init_sec_context() failed: : Server krbtgt/COM at EXAMPLE.COM not found in Kerberos database
< WWW-Authenticate: Negotiate
< Last-Modified: Wed, 23 Jan 2013 22:16:50 GMT
< ETag: "4627-740-4d3fc0cfd7880"
< Accept-Ranges: bytes
< Content-Length: 1856
< Connection: close
< Content-Type: text/html; charset=UTF-8





Thanks, 
_____________________________________________________
John Moyer




On Feb 19, 2013, at 6:35 AM, Jan-Frode Myklebust <janfrode at tanso.net> wrote:

>> ipa         : ERROR    Cannot obtain CA certificate
>> 'ldap://ipa1.example.com' doesn't have a certificate.
>> Installation failed. Rolling back changes.
>> IPA client is not configured on this system.
> 
> FYI, I have this same issue when enrolling RHEL5 clients. Have been
> doing this as a workaround:
> 
> 	wget -O /etc/ipa/ca.crt http://ipa1.example.com/ipa/config/ca.crt
> 	ipa-client-install --no-ntp --mkhomedir --ca-cert-file=/etc/ipa/ca.crt
> 
> 
> 
>  -jf
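
Added example, not part of the original messages: the workaround above fetches ca.crt over plain HTTP, so this Python check compares the downloaded file's SHA-256 fingerprint with one obtained from the IPA server over a trusted channel before the file is passed to --ca-cert-file. The script name check_ca.py, the function names and the sample data are assumptions for illustration; the sample bytes are constructed and are not a real certificate.

```python
import hashlib
import ssl
import sys

def cert_fingerprint(pem_text):
    """Return the SHA-256 hex digest of the DER bytes of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()

def normalize(fingerprint):
    """Accept both 'AA:BB:...' and 'aabb...' forms of a fingerprint."""
    return fingerprint.replace(":", "").replace(" ", "").strip().lower()

def ca_cert_matches(pem_text, expected_fingerprint):
    """True only if pem_text is a PEM certificate with the pinned fingerprint."""
    try:
        actual = cert_fingerprint(pem_text)
    except ValueError:
        # Not PEM at all, e.g. an HTML error page saved by wget.
        return False
    return actual == normalize(expected_fingerprint)

# Constructed sample data: placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder standing in for DER certificate bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_HTML = "<html><body><h1>401 Authorization Required</h1></body></html>"

def main(argv):
    if len(argv) != 3:
        print("usage: check_ca.py /etc/ipa/ca.crt EXPECTED_SHA256", file=sys.stderr)
        return 2
    with open(argv[1], encoding="ascii", errors="replace") as handle:
        ok = ca_cert_matches(handle.read(), argv[2])
    print("fingerprint OK" if ok else "fingerprint MISMATCH, do not enroll")
    return 0 if ok else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero on a mismatch or on a file that is not PEM, so it can gate the ipa-client-install call in an enrollment script.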




