[Freeipa-users] "Joining realm failed because of failing XML-RPC request" FreeIPA V2

Simo Sorce simo at redhat.com
Fri Jul 8 18:53:39 UTC 2011


On Fri, 2011-07-08 at 14:45 -0400, Rob Crittenden wrote:
> McDougall, Ryan P. [mcry0802 at stcloudstate.edu] wrote:
> > When joining a client to a FreeIPA server installed on F15, I get the
> > error quoted in the subject. The install of the server went well with no
> > errors during the process. I’ve been looking all over and I can’t seem
> > to find anything related to this on the forums and I haven’t heard back
> > from anyone yet in IRC. Is this a known issue?
> 
> This is caused by a recent update to libcurl that removed its ability to 
> delegate tickets. Bugs have been opened against curl to add support for 
> delegation and a bug against xmlrpc-c to take advantage of this new API.
> 
> There is currently no ETA on a fix.
> 
> The only workaround I've come up with so far is:
> 
> - On the server: manually add a host entry for your client: ipa host-add client.example.com
> - Add the --force flag to ipa-client-install. This will allow it to 
> continue past the enrolment failure
> - On the client: kinit admin
> - On the client: ipa-getkeytab -s ipa.example.com -p client.example.com@EXAMPLE.COM -k /etc/krb5.keytab
> - On the client: service sssd restart
> 
> There will be no SSL server cert in /etc/pki/nssdb because certmonger 
> can't communicate with the IPA backend.

The other option is to downgrade curl to a previously working version,
although the upgrade was supposedly a security fix and the fix was to
remove this functionality ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



