[Freeipa-users] ipa-client-install errors via kickstart
Adam Young
ayoung at redhat.com
Mon Jun 27 13:07:06 UTC 2011
On 06/26/2011 08:35 AM, Charlie Derwent wrote:
>
>
> On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> Charlie Derwent wrote:
>
>
>
> On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden
> <rcritten at redhat.com <mailto:rcritten at redhat.com>
> <mailto:rcritten at redhat.com <mailto:rcritten at redhat.com>>> wrote:
>
> Charlie Derwent wrote:
>
> Hi
>
> I'm running FreeIPA server on F14 and connecting to a F14
> client. When I
> run ipa-client-install (via kickstart or after the
> client has
> installed)
> I'm getting the following error message.
>
> root : DEBUG
> root : ERROR LDAP Error: Connect error: Start
> TLS request
> accepted. Server willing to negotiate SSL
> Failed to verify that ipa.test.net
> <http://ipa.test.net> <http://ipa.test.net>
> <http://ipa.test.net> is an IPA server
>
> This may mean that the remote server is not up or is not
> reachable due
> to network or firewall settings
>
>
> What version of IPA are you running on the client and server?
>
> Server is running 2.0.0.rc3-0
> F14 Client is running 2.0.0.rc3-0
> RHEL 5.6 Clients are running 2.0-10.el5_6.1
> All the boxes are 64-bit
>
>
> How are you invoking ipa-client-install? The error message looks a
> bit odd and I'm not sure if it is a mail client mucking it up or
> something else (the addition of http://ipa.test.net)
>
> rob
>
>
>
> Can you check the 389-ds access log to see if you can see the
> connection and any errors reported with it?
>
> Nothing in the access.log on the server.
>
>
>
>
> The ipa server is definately up and running, it's still
> authenticating
> other servers in the network and when I rebuild the
> client with
> rhel or
> centos it can enroll (almost) without issue (see below).
>
> The second issue was this certmonger related bug where
> certmonger fails
> to start on new install
> (https://bugzilla.redhat.com/__show_bug.cgi?id=636894
> <https://bugzilla.redhat.com/show_bug.cgi?id=636894>) was it
> resolved in
> Red Hat 5 as I think i'm expering the issue with my
> RH5u6 clients?
>
>
> Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix
> is to
> restart messagebus after installing certmonger. Should be
> easy to do
> in a kickstart.
>
>
> yeah got the "killall -HUP dbus-daemon" in there now.
>
> Cheers
> Charlie
>
>
> rob
>
>
>
>
> Figured it out! Well partly... it's a dependency issue. I installed
> pretty much everything onto the box and it started to work but on my
> cut down server no joy. Finding the missing RPM might be a little bit
> more trickier unless someone could deduce what RPM's absence could
> cause that error?
>
> It's hard cause it may be a dependency for the ipa-client or a
> dependency of a dependency and so forth!
If you are doing a DNS install for the server, you need
bind-dyndb-ldap, which is the LDAP backend for the DNS server.
>
> Cheers
> Charlie
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110627/168affaa/attachment.htm>
More information about the Freeipa-users
mailing list