<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Dmitri, </div><div><br></div><div>Here are the corresponding answers, thanks for the quick response. </div><div><br></div><div><br></div>1. ipa-client-3.0.0-26.el6_4.2.x86_64<div>2. </div><div><div>[root@ ~]# ipa-client-install --domain=<a href="http://digitalreasoning.com">digitalreasoning.com</a> --server=<a href="http://ipa1.corp.digitalreasoning.com">ipa1.corp.digitalreasoning.com</a> --realm=<a href="http://EXAMPLE.COM">EXAMPLE.COM</a> -p builduser -w "BLAH" -U</div><div>Hostname: <a href="http://client.example.com">client.example.com</a></div><div>Realm: <a href="http://EXAMPLE.COM">EXAMPLE.COM</a></div><div>DNS Domain: <a href="http://example.com">example.com</a></div><div>IPA Server: <a href="http://server.example.com">server.example.com</a></div><div>BaseDN: dc=example,dc=com</div><div><br></div><div>Synchronizing time with KDC...</div><div>Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates</div><div><br></div><div>Installation failed. Rolling back changes.</div><div>IPA client is not configured on this system.</div><div><br></div><div>3. </div><div><div>2013-05-23T17:45:16Z DEBUG args=kinit <a href="mailto:builduser@EXAMPLE.COM">builduser@EXAMPLE.COM</a></div><div>2013-05-23T17:45:16Z DEBUG stdout=Password for <a href="mailto:builduser@EXAMPLE.COM">builduser@EXAMPLE.COM</a>:</div><div><br></div><div>2013-05-23T17:45:16Z DEBUG stderr=</div><div>2013-05-23T17:45:16Z DEBUG trying to retrieve CA cert via LDAP from <a href="ldap://server.example.com">ldap://server.example.com</a></div><div>2013-05-23T17:45:16Z DEBUG Existing CA cert and Retrieved CA cert are identical</div><div>2013-05-23T17:45:16Z DEBUG args=/usr/sbin/ipa-join -s <a href="http://server.example.com">server.example.com</a> -b dc=example,dc=com</div><div>2013-05-23T17:45:16Z DEBUG stdout=</div><div>2013-05-23T17:45:16Z DEBUG stderr=libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates</div><div><br></div><div>2013-05-23T17:45:16Z ERROR Joining realm failed: libcurl failed to execute the HTTP POST transaction. Peer certificate cannot be authenticated with known CA certificates</div><div><br></div><div>2013-05-23T17:45:16Z ERROR Installation failed. Rolling back changes.</div><div>2013-05-23T17:45:16Z ERROR IPA client is not configured on this system.</div></div><div><br></div><div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div style="color: rgb(0, 0, 0); font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">Thanks, </div><div style="color: rgb(0, 0, 0); font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">_____________________________________________________</div><div style="color: rgb(0, 0, 0); font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">John Moyer<br>Director, IT Operations</div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; "><b>Digital Reasoning Systems, Inc.</b></div><div style="color: rgb(0, 0, 0); font-family: Calibri, sans-serif; font-size: 14px; "><a href="mailto:john.moyer@digitalreasoning.com">John.Moyer@digitalreasoning.com</a></div><div style="color: rgb(0, 0, 0); font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">Office:<span class="Apple-tab-span" style="white-space: pre; "> </span>703.678.2311<br>Mobile:<span class="Apple-tab-span" style="white-space: pre; "> </span>240.460.0023<br>Fax:<span class="Apple-tab-span" style="white-space: pre; "> </span>703.678.2312<br></div><div style="font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; "><a href="http://www.digitalreasoning.com/">www.digitalreasoning.com</a></div></div></div></div></div></div></div></div>
</div>
<br><div><div>On May 23, 2013, at 2:50 PM, Dmitri Pal <<a href="mailto:dpal@redhat.com">dpal@redhat.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000">
On 05/23/2013 01:37 PM, John Moyer wrote:
<blockquote cite="mid:7EEC0519-9853-479C-B34D-5FFD99E51CD0@digitalreasoning.com" type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<div>So I found this page and followed it. The http daemon works
great (no longer complains about not being the cert for my URL.
However, now I can't bind anymore servers to my IPA server.
The current servers enrolled before I did this work great (and I
can login using my IPA credentials). However, I just can't add
anymore. Does anyone have any ideas? I tried removing the
certs and that made it so I can't start httpd (so I put the cert
back). </div>
<div><br>
</div>
<div><br>
</div>
<a moz-do-not-send="true" href="http://freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP">http://freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP</a><br>
<div><br>
</div>
<div apple-content-edited="true">
<div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div style="font-family: Helvetica; font-size: medium;
font-style: normal; font-variant: normal;
letter-spacing: normal; line-height: normal; orphans:
2; text-align: -webkit-auto; text-indent: 0px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; -webkit-line-break:
after-white-space; ">
<div style="font-family: Helvetica; font-size: medium;
font-style: normal; font-variant: normal;
letter-spacing: normal; line-height: normal;
orphans: 2; text-align: -webkit-auto; text-indent:
0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; ">
<div style="font-family: Helvetica; font-size:
medium; font-style: normal; font-variant: normal;
letter-spacing: normal; line-height: normal;
orphans: 2; text-align: -webkit-auto; text-indent:
0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px;
-webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space; ">
<div style="font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">Thanks, </div>
<div style="font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">_____________________________________________________</div>
<div style="font-weight: normal; font-family: Calibri, sans-serif; font-size: 14px; ">John Moyer<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
We need more info:<br>
<br>
1) What version of the client?<br>
2) What is the output of the ipa-client-install?<br>
3) What the client install log contains?<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</div>
_______________________________________________<br>Freeipa-users mailing list<br><a href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>https://www.redhat.com/mailman/listinfo/freeipa-users</blockquote></div><br></div></body></html>