[Freeipa-users] (no subject)
Danielle M Witherspoon
dmwither at us.ibm.com
Wed Dec 23 19:08:20 UTC 2015
Hello everyone,
We've run into an issue with our instance of IPA. Our LDAP certificate was
deleted with the command "ldapdelete -Y GSSAPI
"cn=CAcert,cn=ipa,cn=etc,dc=example,dc=test"". When we now attempt to
enroll servers as IPA clients, we get the following (sanitized for this
email) output:
[root at server1 ~]# ipa-client-install
–enable-dns-updates
Discovery was successful!
Hostname: server1.SERVER.local
Realm: SERVER.LOCAL
DNS Domain: SERVER.local
IPA Server: ipaserver1.SERVER.local
BaseDN: dc=server dc=local
Continue to configure the system with
these values? [no]: yes
User authorized to enroll computers: bob
Synchronizing time with KDC...
Password for bob at SERVER.LOCAL:
Cannot obtain CA certificate
'ldap://ipaserver1.SERVER.local' doesn't
have a certificate.
Installation failed. Rolling back
changes.
IPA client is not configured on this
system.
Advice on how to remediate this issue would be welcomed with open arms.
Thank you for your time,
Danielle Witherspoon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151223/25974af4/attachment.htm>
More information about the Freeipa-users
mailing list