<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: verdana,helvetica,sans-serif; font-size: 10pt; color: #000000'>Justin,<br><br>Thank you very much for the prompt response. The log output is as follows:<br><br>2016-07-20T17:02:52Z DEBUG Starting external process<br>2016-07-20T17:02:52Z DEBUG args='/usr/sbin/ipa-join' '-s' 'ldap.mydomain.com' '-b' 'dc=mydomain,dc=com' '-h' 'centostest.mydomain.com'<br>2016-07-20T17:02:52Z DEBUG Process finished, return code=17<br>2016-07-20T17:02:52Z DEBUG stdout=<br>2016-07-20T17:02:52Z DEBUG stderr=HTTP response code is 403, not 200<br><br>2016-07-20T17:02:52Z ERROR Joining realm failed: HTTP response code is 403, not 200<br><br>2016-07-20T17:02:52Z ERROR Installation failed. Rolling back changes.<br>2016-07-20T17:02:52Z ERROR IPA client is not configured on this system.<br><br>Regards,<br>Rubin<br><br><hr id="zwchr"><div style="color: rgb(0, 0, 0); font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica,Arial,sans-serif; font-size: 12pt;"><b>From: </b>"Justin Stephenson" <jstephen@redhat.com><br><b>To: </b>"Rubin Binder" <rbinder@wooplagaming.com>, freeipa-users@redhat.com<br><b>Sent: </b>Wednesday, July 20, 2016 2:49:16 PM<br><b>Subject: </b>Re: [Freeipa-users] FreeIPA Client Install 403 error<br><br>Could you please share with us the /var/log/ipaclient-install.log ?<br><br>Kind regards,<br><br>Justin Stephenson<br><br><br>On 07/20/2016 01:23 PM, Rubin Binder wrote:<br>> Hello all,<br>><br>> I am testing Free IPA server for use under a test environment, so far smooth sailing and have it up and running, no problems.<br>><br>> The problem is occurring during client installation. I have installed the ipa-client package on a clean CentOS 7 OS. When I execute ipa-client-install... I get the following:<br>><br>> Client hostname: centostest.mydomain.com<br>> Realm: MYDOMAIN.COM<br>> DNS Domain: mydomain.com<br>> IPA Server: ldap.mydomain.com<br>> BaseDN: dc=mydomain,dc=com<br>><br>> Continue to configure the system with these values? [no]: yes<br>> Skipping synchronizing time with NTP server.<br>> User authorized to enroll computers: admin<br>> Password for admin@MYDOMAIN.COM:<br>> Successfully retrieved CA cert<br>> Subject: CN=Certificate Authority,O=MYDOMAIN.COM<br>> Issuer: CN=Certificate Authority,O=MYDOMAIN.COM<br>> Valid From: Wed Jul 13 13:12:08 2016 UTC<br>> Valid Until: Sun Jul 13 13:12:08 2036 UTC<br>><br>> Joining realm failed: HTTP response code is 403, not 200<br>><br>> Installation failed. Rolling back changes.<br>> IPA client is not configured on this system.<br>><br>> I can't make sense of why I'd be seeing a 403 error. I've done my share of searching but have not found a similar issue. Some have report 401 errors in some circumstances, but not 403.<br>><br>> Has anyone seen this before.<br>><br>> Thanks,<br>> Rubin<br>><br><br></div><br></div></body></html>