[Freeipa-users] FreeIPA Client Install 403 error

Rubin Binder rbinder at wooplagaming.com
Wed Jul 20 18:28:55 UTC 2016 

Justin, 

Thank you very much for the prompt response. The log output is as follows: 

2016-07-20T17:02:52Z DEBUG Starting external process 
2016-07-20T17:02:52Z DEBUG args='/usr/sbin/ipa-join' '-s' 'ldap.mydomain.com' '-b' 'dc=mydomain,dc=com' '-h' 'centostest.mydomain.com' 
2016-07-20T17:02:52Z DEBUG Process finished, return code=17 
2016-07-20T17:02:52Z DEBUG stdout= 
2016-07-20T17:02:52Z DEBUG stderr=HTTP response code is 403, not 200 

2016-07-20T17:02:52Z ERROR Joining realm failed: HTTP response code is 403, not 200 

2016-07-20T17:02:52Z ERROR Installation failed. Rolling back changes. 
2016-07-20T17:02:52Z ERROR IPA client is not configured on this system. 

Regards, 
Rubin 

----- Original Message -----

From: "Justin Stephenson" <jstephen at redhat.com> 
To: "Rubin Binder" <rbinder at wooplagaming.com>, freeipa-users at redhat.com 
Sent: Wednesday, July 20, 2016 2:49:16 PM 
Subject: Re: [Freeipa-users] FreeIPA Client Install 403 error 

Could you please share with us the /var/log/ipaclient-install.log ? 

Kind regards, 

Justin Stephenson 


On 07/20/2016 01:23 PM, Rubin Binder wrote: 
> Hello all, 
> 
> I am testing Free IPA server for use under a test environment, so far smooth sailing and have it up and running, no problems. 
> 
> The problem is occurring during client installation. I have installed the ipa-client package on a clean CentOS 7 OS. When I execute ipa-client-install... I get the following: 
> 
> Client hostname: centostest.mydomain.com 
> Realm: MYDOMAIN.COM 
> DNS Domain: mydomain.com 
> IPA Server: ldap.mydomain.com 
> BaseDN: dc=mydomain,dc=com 
> 
> Continue to configure the system with these values? [no]: yes 
> Skipping synchronizing time with NTP server. 
> User authorized to enroll computers: admin 
> Password for admin at MYDOMAIN.COM: 
> Successfully retrieved CA cert 
> Subject: CN=Certificate Authority,O=MYDOMAIN.COM 
> Issuer: CN=Certificate Authority,O=MYDOMAIN.COM 
> Valid From: Wed Jul 13 13:12:08 2016 UTC 
> Valid Until: Sun Jul 13 13:12:08 2036 UTC 
> 
> Joining realm failed: HTTP response code is 403, not 200 
> 
> Installation failed. Rolling back changes. 
> IPA client is not configured on this system. 
> 
> I can't make sense of why I'd be seeing a 403 error. I've done my share of searching but have not found a similar issue. Some have report 401 errors in some circumstances, but not 403. 
> 
> Has anyone seen this before. 
> 
> Thanks, 
> Rubin 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160720/7e3d246a/attachment.htm>

More information about the Freeipa-users mailing list