[Freeipa-users] ipa-client-install errors via kickstart

Rob Crittenden rcritten at redhat.com
Thu Jun 23 17:54:15 UTC 2011 

Charlie Derwent wrote:
>
>
> On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     Charlie Derwent wrote:
>
>         Hi
>
>         I'm running FreeIPA server on F14 and connecting to a F14
>         client. When I
>         run ipa-client-install (via kickstart or after the client has
>         installed)
>         I'm getting the following error message.
>
>         root        : DEBUG
>         root        : ERROR    LDAP Error: Connect error: Start TLS request
>         accepted. Server willing to negotiate SSL
>         Failed to verify that ipa.test.net <http://ipa.test.net>
>         <http://ipa.test.net> is an IPA server
>
>         This may mean that the remote server is not up or is not
>         reachable due
>         to network or firewall settings
>
>
>     What version of IPA are you running on the client and server?
>
> Server is running 2.0.0.rc3-0
> F14 Client is running  2.0.0.rc3-0
> RHEL 5.6 Clients are running 2.0-10.el5_6.1
> All the boxes are 64-bit

How are you invoking ipa-client-install? The error message looks a bit 
odd and I'm not sure if it is a mail client mucking it up or something 
else (the addition of http://ipa.test.net)

rob

>
>     Can you check the 389-ds access log to see if you can see the
>     connection and any errors reported with it?
>
>   Nothing in the access.log on the server.
>
>
>
>
>         The ipa server is definately up and running, it's still
>         authenticating
>         other servers in the network and when I rebuild the client with
>         rhel or
>         centos it can enroll (almost) without issue (see below).
>
>         The second issue was this certmonger related bug where
>         certmonger fails
>         to start on new install
>         (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
>         <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
>         resolved in
>         Red Hat 5 as I think i'm expering the issue with my RH5u6 clients?
>
>
>     Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
>     restart messagebus after installing certmonger. Should be easy to do
>     in a kickstart.
>
>
> yeah got the "killall -HUP dbus-daemon" in there now.
>
> Cheers
> Charlie
>
>
>     rob
>
>

More information about the Freeipa-users mailing list