<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 12/22/11 9:46 PM, Benjamin Reed wrote:<br>
<span style="white-space: pre;">> I'm attempting to configure a
CentOS6 box to talk to a RHEL6.2 IPA<br>
> server. The IPA server has anonymous bind disabled since it's
on the<br>
> public Internet. When I run ipa-client-install, I get the
following error:</span><br>
<br>
So the full log makes more sense with debug on:<br>
<br>
---(snip!)---<br>
[root@nen etc]# ipa-client-install --domain=OPENNMS.COM --debug<br>
root : DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'conf_ntp': True, 'domain': 'OPENNMS.COM', 'uninstall':
False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True,
'hostname': None, 'preserve_sssd': False, 'server': None,
'prompt_password': False, 'mkhomedir': False, 'dns_updates': False,
'permit': False, 'debug': True, 'on_master': False, 'ntp_server':
None, 'realm_name': None, 'unattended': None, 'principal': None}<br>
root : DEBUG missing options might be asked for
interactively later<br>
<br>
root : DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'<br>
root : DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'<br>
root : DEBUG [ipadnssearchldap]<br>
root : DEBUG [ipadnssearchkrb]<br>
root : DEBUG [ipacheckldap]<br>
root : DEBUG args=/usr/bin/wget -O /tmp/tmpjxJzV_/ca.crt
-T 15 -t 2 <a class="moz-txt-link-freetext" href="http://connect.opennms.com/ipa/config/ca.crt">http://connect.opennms.com/ipa/config/ca.crt</a><br>
root : DEBUG stdout=<br>
root : DEBUG stderr=--2011-12-22 22:47:39--
<a class="moz-txt-link-freetext" href="http://connect.opennms.com/ipa/config/ca.crt">http://connect.opennms.com/ipa/config/ca.crt</a><br>
Resolving connect.opennms.com... 66.135.60.215<br>
Connecting to connect.opennms.com|66.135.60.215|:80... connected.<br>
HTTP request sent, awaiting response... 302 Found<br>
Location: <a class="moz-txt-link-freetext" href="https://connect.opennms.com/ipa/config/ca.crt">https://connect.opennms.com/ipa/config/ca.crt</a> [following]<br>
--2011-12-22 22:47:39--
<a class="moz-txt-link-freetext" href="https://connect.opennms.com/ipa/config/ca.crt">https://connect.opennms.com/ipa/config/ca.crt</a><br>
Connecting to connect.opennms.com|66.135.60.215|:443... connected.<br>
HTTP request sent, awaiting response... 200 OK<br>
Length: 1313 (1.3K) [application/x-x509-ca-cert]<br>
Saving to: “/tmp/tmpjxJzV_/ca.crt”<br>
<br>
0K . 100%
3.11M=0s<br>
<br>
2011-12-22 22:47:40 (3.11 MB/s) - “/tmp/tmpjxJzV_/ca.crt” saved
[1313/1313]<br>
<br>
<br>
root : DEBUG Init ldap with:
<a class="moz-txt-link-freetext" href="ldap://connect.opennms.com:389">ldap://connect.opennms.com:389</a><br>
root : ERROR LDAP Error: Connect error: TLS error
-8172:Unknown code ___f 20<br>
root : DEBUG will use domain: OPENNMS.COM<br>
<br>
root : DEBUG will use server: connect.opennms.com<br>
<br>
Failed to verify that connect.opennms.com is an IPA Server.<br>
This may mean that the remote server is not up or is not reachable<br>
due to network or firewall settings.<br>
Installation failed. Rolling back changes.<br>
IPA client is not configured on this system.<br>
---(snip!)---<br>
<br>
This implies, I guess, that the LDAP server isn't accepting this cert?<br>
<br>
Is there a log that might explain what's going on on the server
side?<br>
<br>
-- <br>
Benjamin Reed<br>
The OpenNMS Group<br>
<a class="moz-txt-link-freetext" href="http://www.opennms.org/">http://www.opennms.org/</a><br>
<br>
<br>
</body>
</html>