On 07/25/2013 03:51 PM, Armstrong, Kenneth Lawrence wrote:
> I am still having issues trying to get a RHEL 5.9 client to join a
> RHEL 6.4 IdM domain.
>
> All packages on both systems updated.
>
> First problem is this:
>
> ipa-client-install --server lnxrealmtest01.liberty.edu --domain
> lnxrealmtest.liberty.edu --enable-dns-updates
>
> Which fails with:
>
> root : ERROR Cannot obtain CA certificate
> 'ldap://lnxrealmtest01.liberty.edu' doesn't have a certificate.
> Installation failed. Rolling back changes.
> IPA client is not configured on this system.
>
> All of the appropriate ports are open on the IdM server, and I
> verified this by telnetting to all of them.
>
> I worked around this by running this:
>
> wget -O /etc/ipa/ca.crt
> http://lnxrealmtest01.liberty.edu/ipa/config/ca.crt
>
> Then ran:
>
> ipa-client-install --server lnxrealmtest01.lnxrealmtest.liberty.edu
> --domain lnxrealmtest.liberty.edu --enable-dns-updates --no-ntp
> --ca-cert-file=/etc/ipa/ca.crt
>
> And I was having better results, so apparently the RHEL 5.9
> ipa-client-install does not want to download my cert.

This rings the bell. It sounds like a known issue for 5.9 openssl libraries.
Rob can you add details please?

>
> On to the next problem:
>
> User authorized to enroll computers: admin
> Synchronizing time with KDC...
> Password for [email protected]
> <mailto:[email protected]>:
>
> Joining realm failed: SASL Bind failed Local error (-2) !
> child exited with 9
> Installation failed. Rolling back changes.
>
> It is the same user that I use to login to the web interface, and I am
> 100% positive that I am not entering the password incorrectly. So why
> else would the admin user not be able to bind to my IdM setup?
>
> -Kenny
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
