Hello
A question
What another way I can enroll my server client on my IPA server ?
I have a server IPA with S.O. Fedora 24 and
freeipa-server-4.3.3-1.fc24.x86_64
My client server have a S.O. CentOS release 5.10 with
ipa-client-2.1.3-7.el5
This is the "ipa-client-install -d"
[root@l1 ~]# ipa-client-install -d
root : DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force':
False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None,
'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir':
False, 'dns_updates': False, 'preserve_sssd': False, 'debug': True,
'on_master': False, 'ca_cert_file': None, 'realm_name': None, 'unattended':
None, 'ntp_server': None, 'principal': None}
root : DEBUG missing options might be asked for interactively
later
root : DEBUG Loading Index file from
'/var/lib/ipa-client/sysrestore/sysrestore.index'
root : DEBUG Loading StateFile from
'/var/lib/ipa-client/sysrestore/sysrestore.state'
root : DEBUG [IPA Discovery]
root : DEBUG Starting IPA discovery with domain=None,
servers=None, hostname=l1.example.com
root : DEBUG [ipadnssearchldap(example.com)]
root : DEBUG [ipadnssearchkrb]
root : DEBUG [ipacheckldap]
root : DEBUG Verifying that ipa.example.com (realm EXAMPLE.COM) is
an IPA server
root : DEBUG Init ldap with: ldap://ipa.example.com:389
root : DEBUG Search LDAP server for IPA base DN
root : DEBUG Check if naming context 'cn=changelog' is for IPA
root : DEBUG Info attribute with IPA server version not found
root : DEBUG Check if naming context 'dc=example,dc=com' is for
IPA
root : DEBUG Naming context 'dc=example,dc=com' is a valid IPA
context
root : DEBUG Search for (objectClass=krbRealmContainer) in
dc=example,dc=com(sub)
root : DEBUG Found:
[('cn=example.COM,cn=kerberos,dc=example,dc=com', {'objectClass': ['top',
'krbrealmcontainer', 'krbticketpolicyaux'], 'cn': ['example.COM']})]
root : DEBUG Discovery result: Success; server=ipa.example.com,
domain=example.com, kdc=ipa.example.com, basedn=dc=example,dc=com
root : DEBUG Validated servers: ipa.example.com
root : DEBUG will use domain: example.com
root : DEBUG [ipadnssearchldap(example.com)]
root : DEBUG DNS validated, enabling discovery
root : DEBUG will use discovered server: ipa.example.com
Discovery was successful!
root : DEBUG will use cli_realm: EXAMPLE.COM
root : DEBUG will use cli_basedn: dc=example,dc=com
Hostname: l1.example.com
Realm: example.COM
DNS Domain: example.com
IPA Server: ipa.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
root : DEBUG will use principal: admin
Synchronizing time with KDC...
root : DEBUG args=/usr/sbin/ntpdate -U ntp -s -b ipa.example.com
root : DEBUG stdout=
root : DEBUG stderr=
root : DEBUG Writing Kerberos configuration to /tmp/tmpSeQjKB:
#File modified by ipa-client-install
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
forwardable = yes
[realms]
example.COM = {
kdc = ipa.example.com:88
master_kdc = ipa.example.com:88
admin_server = ipa.example.com:749
default_domain = example.com
pkinit_anchors = FILE:/etc/ipa/ca.crt
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Password for ad...@example.com:
root : DEBUG args=kinit ad...@example.com
root : DEBUG stdout=Password for ad...@example.com:
root : DEBUG stderr=
root : DEBUG trying to retrieve CA cert via LDAP from
ldap://ipa.example.com
root : DEBUG Existing CA cert and Retrieved CA cert are identical
In the line "root : DEBUG Existing CA cert and Retrieved CA cert
are identical" It's don't progress.
Do Is there any other way I could do it ?
Thanks for your response
Jose Alvarez
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
