Hello
A question What another way I can enroll my server client on my IPA server ? I have a server IPA with S.O. Fedora 24 and freeipa-server-4.3.3-1.fc24.x86_64 My client server have a S.O. CentOS release 5.10 with ipa-client-2.1.3-7.el5 This is the "ipa-client-install -d" [root@l1 ~]# ipa-client-install -d root : DEBUG /usr/sbin/ipa-client-install was invoked with options: {'conf_ntp': True, 'domain': None, 'uninstall': False, 'force': False, 'sssd': True, 'krb5_offline_passwords': True, 'hostname': None, 'permit': False, 'server': None, 'prompt_password': False, 'mkhomedir': False, 'dns_updates': False, 'preserve_sssd': False, 'debug': True, 'on_master': False, 'ca_cert_file': None, 'realm_name': None, 'unattended': None, 'ntp_server': None, 'principal': None} root : DEBUG missing options might be asked for interactively later root : DEBUG Loading Index file from '/var/lib/ipa-client/sysrestore/sysrestore.index' root : DEBUG Loading StateFile from '/var/lib/ipa-client/sysrestore/sysrestore.state' root : DEBUG [IPA Discovery] root : DEBUG Starting IPA discovery with domain=None, servers=None, hostname=l1.example.com root : DEBUG [ipadnssearchldap(example.com)] root : DEBUG [ipadnssearchkrb] root : DEBUG [ipacheckldap] root : DEBUG Verifying that ipa.example.com (realm EXAMPLE.COM) is an IPA server root : DEBUG Init ldap with: ldap://ipa.example.com:389 root : DEBUG Search LDAP server for IPA base DN root : DEBUG Check if naming context 'cn=changelog' is for IPA root : DEBUG Info attribute with IPA server version not found root : DEBUG Check if naming context 'dc=example,dc=com' is for IPA root : DEBUG Naming context 'dc=example,dc=com' is a valid IPA context root : DEBUG Search for (objectClass=krbRealmContainer) in dc=example,dc=com(sub) root : DEBUG Found: [('cn=example.COM,cn=kerberos,dc=example,dc=com', {'objectClass': ['top', 'krbrealmcontainer', 'krbticketpolicyaux'], 'cn': ['example.COM']})] root : DEBUG Discovery result: Success; server=ipa.example.com, domain=example.com, kdc=ipa.example.com, basedn=dc=example,dc=com root : DEBUG Validated servers: ipa.example.com root : DEBUG will use domain: example.com root : DEBUG [ipadnssearchldap(example.com)] root : DEBUG DNS validated, enabling discovery root : DEBUG will use discovered server: ipa.example.com Discovery was successful! root : DEBUG will use cli_realm: EXAMPLE.COM root : DEBUG will use cli_basedn: dc=example,dc=com Hostname: l1.example.com Realm: example.COM DNS Domain: example.com IPA Server: ipa.example.com BaseDN: dc=example,dc=com Continue to configure the system with these values? [no]: yes User authorized to enroll computers: admin root : DEBUG will use principal: admin Synchronizing time with KDC... root : DEBUG args=/usr/sbin/ntpdate -U ntp -s -b ipa.example.com root : DEBUG stdout= root : DEBUG stderr= root : DEBUG Writing Kerberos configuration to /tmp/tmpSeQjKB: #File modified by ipa-client-install [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false rdns = false ticket_lifetime = 24h forwardable = yes [realms] example.COM = { kdc = ipa.example.com:88 master_kdc = ipa.example.com:88 admin_server = ipa.example.com:749 default_domain = example.com pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM Password for ad...@example.com: root : DEBUG args=kinit ad...@example.com root : DEBUG stdout=Password for ad...@example.com: root : DEBUG stderr= root : DEBUG trying to retrieve CA cert via LDAP from ldap://ipa.example.com root : DEBUG Existing CA cert and Retrieved CA cert are identical In the line "root : DEBUG Existing CA cert and Retrieved CA cert are identical" It's don't progress. Do Is there any other way I could do it ? Thanks for your response Jose Alvarez
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org