[Freeipa-users] ipa-client-install errors via kickstart

Charlie Derwent shelltoesuperstar at gmail.com
Mon Jun 27 13:54:50 UTC 2011


On Mon, Jun 27, 2011 at 2:07 PM, Adam Young <ayoung at redhat.com> wrote:

> On 06/26/2011 08:35 AM, Charlie Derwent wrote:
>
>
>
> On Thu, Jun 23, 2011 at 6:54 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
>> Charlie Derwent wrote:
>>
>>>
>>>
>>> On Wed, Jun 22, 2011 at 10:49 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>>>
>>>    Charlie Derwent wrote:
>>>
>>>        Hi
>>>
>>>        I'm running FreeIPA server on F14 and connecting to a F14
>>>        client. When I
>>>        run ipa-client-install (via kickstart or after the client has
>>>        installed)
>>>        I'm getting the following error message.
>>>
>>>        root        : DEBUG
>>>        root        : ERROR    LDAP Error: Connect error: Start TLS request
>>>        accepted. Server willing to negotiate SSL
>>>        Failed to verify that ipa.test.net <http://ipa.test.net>
>>>        <http://ipa.test.net> is an IPA server
>>>
>>>        This may mean that the remote server is not up or is not
>>>        reachable due
>>>        to network or firewall settings
>>>
>>>
>>>    What version of IPA are you running on the client and server?
>>>
>>> Server is running 2.0.0.rc3-0
>>> F14 Client is running  2.0.0.rc3-0
>>> RHEL 5.6 Clients are running 2.0-10.el5_6.1
>>> All the boxes are 64-bit
>>>
>>
>> How are you invoking ipa-client-install? The error message looks a bit odd
>> and I'm not sure if it is a mail client mucking it up or something else (the
>> addition of http://ipa.test.net)
>>
>> rob
>>
>>
>>
>>>    Can you check the 389-ds access log to see if you can see the
>>>    connection and any errors reported with it?
>>>
>>>  Nothing in the access.log on the server.
>>>
>>>
>>>
>>>
>>>        The ipa server is definitely up and running, it's still
>>>        authenticating
>>>        other servers in the network and when I rebuild the client with
>>>        rhel or
>>>        centos it can enroll (almost) without issue (see below).
>>>
>>>        The second issue was this certmonger related bug where
>>>        certmonger fails
>>>        to start on new install
>>>        (https://bugzilla.redhat.com/show_bug.cgi?id=636894) was it
>>>        resolved in
>>>        Red Hat 5 as I think I'm experiencing the issue with my RH5u6 clients?
>>>
>>>
>>>    Looks like it wasn't fixed in RHEL 5.x. IIRC the simple fix is to
>>>    restart messagebus after installing certmonger. Should be easy to do
>>>    in a kickstart.
>>>
>>>
>>> yeah got the "killall -HUP dbus-daemon" in there now.
>>>
>>> Cheers
>>> Charlie
>>>
>>>
>>>    rob
>>>
>>>
>>>
>>
> Figured it out! Well partly... it's a dependency issue. I installed pretty
> much everything onto the box and it started to work but on my cut down
> server no joy. Finding the missing RPM might be a little bit trickier
> unless someone could deduce what RPM's absence could cause that error?
>
> It's hard cause it may be a dependency for the ipa-client or a dependency
> of a dependency and so forth!
>
>
> If you are doing a DNS install for the server, you need  bind-dyndb-ldap,
> which is the LDAP backend for the DNS server.
>
>
This was a client side issue (apologies for saying "cut down server" I meant
server in a hardware sense rather than server/client model). But yeah
bind-dyndb-ldap is installed on my server.

Charlie

>
> Cheers
> Charlie
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>