[Freeipa-users] ipa-client-install error
Andreas Ladanyi
andreas.ladanyi at kit.edu
Fri Sep 25 12:36:31 UTC 2015
Hi,
I want to install ipa client: ipa-client-install -d
I get the following error:
Verifying that "MyFreeIPA Server" (realm None) is an IPA server
Init LDAP connection to: "MyFreeIPA Server"
Error checking LDAP: Connect error: TLS error -8054:You are attempting
to import a cert with the same issuer/serial as an existing cert, but
that is not the same cert.
Skip "MyFreeIPA Server" : cannot verify if this is an IPA server
Discovery result: UNKNOWN_ERROR; ...................................
Validated servers:
Failed to verify that "MyFreeIPA Server" is an IPA Server.
This may mean that the remote server is not up or is not reachable due
to network or firewall settings.
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working
properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
"MyFreeIPA Server" : Provided interactively)
Installation failed. Rolling back changes.
IPA client is not configured on this system.
selinux on the ipa client and ipa server ist permissive, iptables is empty.
It seems to be a problem with the SSL certificate of freeipa.
About the client:
rpm -qi ipa-client
Name : ipa-client
Version : 4.1.0
Release : 18.el7.centos.4
About the freeipa server:
rpm -qi freeipa-server
Name : freeipa-server
Version : 4.1.4
Release : 1.fc21
regards,
Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5326 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150925/12da892a/attachment.p7s>
More information about the Freeipa-users
mailing list