<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 06/26/2011 08:35 AM, Charlie Derwent wrote:
<blockquote
cite="mid:BANLkTinmKysYaAg7O-MYiY6k7gkQHn2=Ow@mail.gmail.com"
type="cite"><br>
<br>
<div class="gmail_quote">On Thu, Jun 23, 2011 at 6:54 PM, Rob
Crittenden <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
Charlie Derwent wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div class="im">
<br>
<br>
On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden &lt;<a
moz-do-not-send="true" href="mailto:rcritten@redhat.com"
target="_blank">rcritten@redhat.com</a><br>
</div>
<div class="im">
&lt;mailto:<a moz-do-not-send="true"
href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>&gt;&gt;
wrote:<br>
<br>
Charlie Derwent wrote:<br>
<br>
Hi<br>
<br>
I'm running FreeIPA server on F14 and connecting to
an F14<br>
client. When I<br>
run ipa-client-install (via kickstart or after the
client has<br>
installed)<br>
I'm getting the following error message.<br>
<br>
root : DEBUG<br>
root : ERROR LDAP Error: Connect error:
Start TLS request<br>
accepted. Server willing to negotiate SSL<br>
Failed to verify that <a moz-do-not-send="true"
href="http://ipa.test.net" target="_blank">ipa.test.net</a>
&lt;<a moz-do-not-send="true" href="http://ipa.test.net"
target="_blank">http://ipa.test.net</a>&gt;<br>
&lt;<a moz-do-not-send="true"
href="http://ipa.test.net" target="_blank">http://ipa.test.net</a>&gt;
is an IPA server<br>
<br>
This may mean that the remote server is not up or
is not<br>
reachable due<br>
to network or firewall settings<br>
<br>
<br>
What version of IPA are you running on the client and
server?<br>
<br>
Server is running 2.0.0.rc3-0<br>
F14 Client is running 2.0.0.rc3-0<br>
RHEL 5.6 Clients are running 2.0-10.el5_6.1<br>
All the boxes are 64-bit<br>
</div>
</blockquote>
<br>
How are you invoking ipa-client-install? The error message
looks a bit odd and I'm not sure if it is a mail client
mucking it up or something else (the addition of <a
moz-do-not-send="true" href="http://ipa.test.net"
target="_blank">http://ipa.test.net</a>)<br>
<font color="#888888">
<br>
rob</font>
<div>
<div class="h5"><br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<br>
Can you check the 389-ds access log to see if you can
see the<br>
connection and any errors reported with it?<br>
<br>
Nothing in the access.log on the server.<br>
<br>
<br>
<br>
<br>
The ipa server is definitely up and running, it's
still<br>
authenticating<br>
other servers in the network and when I rebuild
the client with<br>
rhel or<br>
centos it can enroll (almost) without issue (see
below).<br>
<br>
The second issue was this certmonger related bug
where<br>
certmonger fails<br>
to start on new install<br>
(<a moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?id=636894"
target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=636894</a>)
was it<br>
resolved in<br>
Red Hat 5 as I think I'm experiencing the issue with
my RH5u6 clients?<br>
<br>
<br>
Looks like it wasn't fixed in RHEL 5.x. IIRC the
simple fix is to<br>
restart messagebus after installing certmonger.
Should be easy to do<br>
in a kickstart.<br>
<br>
<br>
yeah got the "killall -HUP dbus-daemon" in there now.<br>
<br>
Cheers<br>
Charlie<br>
<br>
<br>
rob<br>
<br>
<br>
</blockquote>
<br>
</div>
</div>
</blockquote>
</div>
<br>
Figured it out! Well partly... it's a dependency issue. I
installed pretty much everything onto the box and it started to
work but on my cut down server no joy. Finding the missing RPM
might be a little bit trickier unless someone could deduce
what RPM's absence could cause that error?<br>
<br>
It's hard because it may be a dependency for the ipa-client or a
dependency of a dependency and so forth! <br>
</blockquote>
<br>
<br>
If you are doing a DNS install for the server, you need
bind-dyndb-ldap, which is the LDAP backend for the DNS server.<br>
<br>
<br>
<blockquote
cite="mid:BANLkTinmKysYaAg7O-MYiY6k7gkQHn2=Ow@mail.gmail.com"
type="cite"><br>
Cheers<br>
Charlie<br>
<pre wrap="">
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
</body>
</html>