Sorry for the late response, so I tried this, and it changed the error to the following:
Synchronizing time with KDC... Joining realm failed: HTTP response code is 401, not 200 Installation failed. Rolling back changes. Looking at debug this is what I see: < HTTP/1.1 401 Authorization Required < Date: Tue, 26 Feb 2013 16:54:21 GMT < Server: Apache/2.2.15 (CentOS) * gss_init_sec_context() failed: : Server krbtgt/[email protected] not found in Kerberos database< WWW-Authenticate: Negotiate < Last-Modified: Wed, 23 Jan 2013 22:16:50 GMT < ETag: "4627-740-4d3fc0cfd7880" < Accept-Ranges: bytes < Content-Length: 1856 < Connection: close < Content-Type: text/html; charset=UTF-8 Thanks, _____________________________________________________ John Moyer On Feb 19, 2013, at 6:35 AM, Jan-Frode Myklebust <[email protected]> wrote: >> ipa : ERROR Cannot obtain CA certificate >> 'ldap://ipa1.example.com' doesn't have a certificate. >> Installation failed. Rolling back changes. >> IPA client is not configured on this system. > > FYI, I have this same issue when enrolling RHEL5 clients. Have been > doing this as a workaround: > > wget -O /etc/ipa/ca.crt http://ipa1.example.com/ipa/config/ca.crt > ipa-client-install --no-ntp --mkhomedir --ca-cert-file=/etc/ipa/ca.crt > > > > -jf _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
