[Freeipa-users] Joining a host
Martin Kosek
mkosek at redhat.com
Wed Feb 3 07:57:03 UTC 2016
On 02/02/2016 11:35 PM, Simpson Lachlan wrote:
> Hola,
>
> Presuming a regular machine, I've started the join as per instructions:
>
> yum install ipa-client
>
> [root at vmts-linux1 ~]# ipa-client-install
> Error checking LDAP: Operations error: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
> Discovery was successful!
> Client hostname: vmts-linux1.unix.example.org
> Realm: UNIX.EXAMPLE.ORG
> DNS Domain: unix.example.org
> IPA Server: dc1.example.org
> BaseDN: dc=unix,dc=example,dc=org
>
>
> There are two things here that I'd like to understand.
>
> 1. There was an error, but the process seems to have been successful? Should I be investigating that error or is it to be expected?
Hi Simpson,
I suspect that ipa-client-install had problems verifying a server during the
discovery, so it may have assumed some values itself, it probably did it wrong.
Details are in the ipaclient-install.log.
> 2. The IPA server is wrong - the machine it has found the PDC server (with a one way trust IPA->AD), but not the IPA server. I can only presume this is in error and that I should run the command again explicitly stating the IPA server?
So are you saying that FreeIPA actually discovered on an AD server? Do you DNS
domain with SRV records for FreeIPA set up? If yes, you can pass it via
"--domain" option of ipa-client-install, without using hard coded server list
via "--server" options.
More information about the Freeipa-users
mailing list