[Freeipa-users] "Joining realm failed because of failing XML-RPC request" FreIPA V2
Dmitri Pal
dpal at redhat.com
Fri Jul 8 18:51:33 UTC 2011
On 07/08/2011 02:45 PM, Rob Crittenden wrote:
> McDougall, Ryan P. [mcry0802 at stcloudstate.edu] wrote:
>> When joining a client to a FreeIPA server installed on F15, I get the
>> error quoted in the subject. The install of the server went well with no
>> errors during the process. I’ve been looking all over and I can’t seem
>> to find anything related to this on the forums and I haven’t heard back
>> from anyone yet in IRC. Is this a known issue?
>
> This is caused by a recent update to libcurl that removed its ability
> to delegate tickets. Bugs have been opened against curl to add support
> for delegation and a bug against xmlrpc-c to take advantage of this
> new API.
>
> There is currently on ETA on a fix.
>
> The only workaround I've come up with so far is:
>
> - On the server: manually add a host entry for your client: ipa
> host-add client.example.com
> - Add the --force flag to ipa-client-install. This will allow it to
> continue past the enrolment failure
> - On the client: kinit admin
> - On the client: ipa-getkeytab -s ipa.example.com -p
> client.example.com at EXAMPLE.COM -k /etc/krb5.keytab
> - On the client: service sssd restart
>
> There will be no SSL server cert in /etc/pki/nssdb because certmonger
> can't communicate with the IPA backend.
>
I wonder is there an option to roll back libcurl...
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list