[Freeipa-users] client setup failure

Tue Mar 29 20:11:03 UTC 2011

[root at fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force
Retrieving CA from dc0001.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8
[root at fed14-64-cli01 tmp]#

So the client isnt appearing in the IPA web gui.....so its a total failure to join...

regards

________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Wednesday, 30 March 2011 9:03 a.m.
To: Steven Jones
Cc: dpal at redhat.com; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] client setup failure

Steven Jones wrote:
> I used --force as well....it still ignores it....

More information would be helpful. Ignores it how, what error messages
do you get, etc.

rob

>
> regards
> ________________________________________
> From: Rob Crittenden [rcritten at redhat.com]
> Sent: Wednesday, 30 March 2011 8:58 a.m.
> To: Steven Jones
> Cc: dpal at redhat.com; freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] client setup failure
>
> Steven Jones wrote:
>> uh OK.....but why is it ignoring my --server and --domain ? and going to the dc for the certificate?
>>
>> This ticket still does not help me proceed....
>
> You need --force as well.
>
> We try very hard not to hardcode values into the configuration files
> which is why we always autodiscover.
>
> With the patch and --force it should push through and complete the
> installation.
>
> rob
>
>>
>> regards
>>
>>
>> ________________________________________
>> From: Rob Crittenden [rcritten at redhat.com]
>> Sent: Wednesday, 30 March 2011 8:50 a.m.
>> To: Steven Jones
>> Cc: dpal at redhat.com; freeipa-users at redhat.com
>> Subject: Re: [Freeipa-users] client setup failure
>>
>> Steven Jones wrote:
>>> What do I put in the python script as a work around?
>>
>> https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html
>>
>>>
>>> regards
>>> ________________________________________
>>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
>>> Sent: Wednesday, 30 March 2011 8:29 a.m.
>>> To: freeipa-users at redhat.com
>>> Subject: Re: [Freeipa-users] client setup failure
>>>
>>> On 03/29/2011 03:26 PM, Steven Jones wrote:
>>>> Hi,
>>>>
>>>> The DNS is in AD so it cant be set to suit IPA....
>>>>
>>>> I did as below and even with --force your script ignores these flags, it insists on doing AD lookups and gets the AD info....and obviously the cert isnt on the AD box.
>>>>
>>>> 8><--------
>>>>
>>>> What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client
>>>> installation uses this DNS record in an autodiscovery of IPA server in
>>>> the given DNS domain.
>>>>
>>>> You may want to check the DNS record or set the domain and server
>>>> manually:
>>>>
>>>> # ipa-client-install --server=<your_IPA_server>    --domain=<domain>
>>>>
>>>
>>> That was the bug that we fixed last week.
>>> Rob, did it make the GA?
>>> Or the bits you are using are not GA.
>>>
>>>> Regards,
>>>> Martin
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> Freeipa-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>>
>>> --
>>> Thank you,
>>> Dmitri Pal
>>>
>>> Sr. Engineering Manager IPA project,
>>> Red Hat Inc.
>>>
>>>
>>> -------------------------------
>>> Looking to carve out IT costs?
>>> www.redhat.com/carveoutcosts/
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>