[Freeipa-users] Server - client mismatch has now progressed to 6.1
Steven Jones
Steven.Jones at vuw.ac.nz
Tue May 24 02:58:37 UTC 2011
Hi,
1) Screen data of the install from using the -d option (attached d.out).
2) ipa-install log
3) There are no httpd logs in /var/log/httpd/; it is an empty directory.
4) "Did you also run kinit before manually running ipa-join in your testing?" Yes....
5) For DNS I added,
allow-query { any; };
into /etc/named.conf; clients were then not denied DNS.
regards
________________________________________
From: Rob Crittenden [rcritten at redhat.com]
Sent: Tuesday, 24 May 2011 2:24 p.m.
To: Steven Jones
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Server - client mismatch has now progressed to 6.1
Steven Jones wrote:
> ran the ipa-join manually and krb5.conf was not configured, scp'd that over from the ipa-server and re-ran ipa-join, still getting the same 401 failure...
This is a different mismatch than you were seeing with 5.6 (and a
completely different error message).
A few things to note:
- In general, when you reference any IPA server you should always use
the fully-qualified name. The SSL error you had was because the name did
not match the certificate.
- The 3xx/4xx error responses seen from ipa-join are HTTP error codes so
you can always check the Apache error/access logs for diagnostic
information.
- The integrated DNS stores information in LDAP, not flat files, so
having no data in /var/named is not surprising.
ipa-join needs authentication in the form of a TGT or a one-time
password. It definitely did one in the log you provided and you still
got a 401, which is strange. Did you also run kinit before manually
running ipa-join in your testing?
Running ipa-join or ipa-client-install with the -d option will provide a
lot more debugging information.
I think the first place to check is the Apache error log to see why the
join call failed.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: d.out
Type: application/octet-stream
Size: 5216 bytes
Desc: d.out
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110524/b5d3c3d0/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipaclient-install.log
Type: application/octet-stream
Size: 4827 bytes
Desc: ipaclient-install.log
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110524/b5d3c3d0/attachment-0001.obj>
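Added example (not part of the original thread and not FreeIPA code): a triage of the Apache access log that Rob's reply points to, listing clients whose last request under `/ipa/` ended in a 3xx/4xx status. It assumes Apache's common/combined log format and that the join call lands under the `/ipa/` prefix; the sample lines, addresses and principal are constructed.

```python
import re

# Apache common/combined log format:
# host ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(lines, prefix="/ipa/"):
    """Return {client: details} for clients whose LAST request under
    `prefix` (an assumed location) ended in a 3xx/4xx status.

    With HTTP Negotiate authentication a 401 challenge followed by a
    200 is a normal exchange, so only the final status is judged.
    """
    last = {}
    for line in lines:
        m = LINE.match(line)
        if m and m["path"].startswith(prefix):
            last[m["host"]] = m  # later lines overwrite earlier ones
    return {
        host: {"status": int(m["status"]), "user": m["user"],
               "time": m["time"], "path": m["path"]}
        for host, m in last.items()
        if 300 <= int(m["status"]) < 500
    }

# Constructed sample lines (documentation addresses, made-up principal).
SAMPLE = [
    '192.0.2.10 - - [24/May/2011:02:40:01 +0000] "POST /ipa/xml HTTP/1.1" 401 1795',
    '192.0.2.10 - admin@EXAMPLE.COM [24/May/2011:02:40:01 +0000] "POST /ipa/xml HTTP/1.1" 200 642',
    '192.0.2.20 - - [24/May/2011:02:41:17 +0000] "POST /ipa/xml HTTP/1.1" 401 1795',
    '192.0.2.20 - - [24/May/2011:02:41:18 +0000] "POST /ipa/xml HTTP/1.1" 401 1795',
    '192.0.2.30 - - [24/May/2011:02:42:00 +0000] "GET /favicon.ico HTTP/1.1" 404 290',
]

if __name__ == "__main__":
    findings = triage(SAMPLE)
    for host, d in findings.items():
        # user "-" means Apache never logged an authenticated principal
        print(f'{host}: HTTP {d["status"]} on {d["path"]} at {d["time"]}, user={d["user"]}')
    if not findings:
        print("no failing requests under the prefix (or nothing was logged)")
```

An empty result on a real log can also mean the request never reached this Apache instance, which is worth ruling out when the log directory is empty.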