[Freeipa-users] stupid question

Mike Calautti Mike.Calautti at genesyslab.com
Tue Oct 15 20:02:17 UTC 2013 

I installed ipa-client..

I get this now.

ipa-client-install
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2323, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2309, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1684, in install
    ret = ds.search(domain=options.domain, servers=options.server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file))
  File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 242, in search
    ldapret = self.ipacheckldap(server, self.realm, ca_cert_path=ca_cert_path)
  File "/usr/lib/python2.6/site-packages/ipaclient/ipadiscovery.py", line 339, in ipacheckldap
    basedn = get_ipa_basedn(lh)
  File "/usr/lib/python2.6/site-packages/ipapython/ipautil.py", line 817, in get_ipa_basedn
    contexts = entries[0][1]['namingcontexts']

cat /etc/redhat-release 
CentOS release 6.4 (Final)

Linux freeipatest01.dev.com 3.4.61-9.el6.centos.alt.x86_64 #1 SMP Wed Sep 11 15:34:17 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux


-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Mike Calautti
Sent: Tuesday, October 15, 2013 3:54 PM
To: Rob Crittenden; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] stupid question

Yes.. thanks !!
I just saw that myself..
So I need to install the ipa-client.x86_64 package on the client I take it..

Thanks for the quick response !!!

Mike




-----Original Message-----
From: Rob Crittenden [mailto:rcritten at redhat.com]
Sent: Tuesday, October 15, 2013 3:52 PM
To: Mike Calautti; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] stupid question

Mike Calautti wrote:
> Newbie
>
> I see a lot about DNS built into freeIPA.
>
> Im installing via yum on centos6.4
>
> Do I just ignore the DNS part since we have our own DNS servers? Or 
> does freeIPA still need local DNS entries?

You don't need to run an IPA-specific DNS server, it just makes certain things somewhat easier.

> Also, im not sure I follow "clients" I see it explains that you can 
> add clients so services and use IPA..
>
> However, does any client that is supposed to authenticate users to 
> freeIPA, need to be added as a client?

A client is any machine you want to use the IPA server for authentication (and authorization). A separate enrollment script is provided, ipa-client-install, that is used to provision and configure the client to work against IPA, by default using sssd.

> Or is there just an ldap.conf file that tells the client to auth a 
> user against the freeIPA server.

You are best off using our install script. You can opt to not use sssd if you really want, or you can configure things manually. We recommend sticking with the defaults, and using sssd.

rob



_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

More information about the Freeipa-users mailing list