[root@fed14-64-cli01 tmp]# ipa-client-install --server fed14-64-ipam001.vuw.ac.nz --domain ipa.ac.nz --force Retrieving CA from dc0001.ipa.ac.nz failed. Command '/usr/bin/wget -O /tmp/tmpjur_Xa/ca.crt http://dc0001.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 8 [root@fed14-64-cli01 tmp]#
So the client isnt appearing in the IPA web gui.....so its a total failure to join... regards ________________________________________ From: Rob Crittenden [[email protected]] Sent: Wednesday, 30 March 2011 9:03 a.m. To: Steven Jones Cc: [email protected]; [email protected] Subject: Re: [Freeipa-users] client setup failure Steven Jones wrote: > I used --force as well....it still ignores it.... More information would be helpful. Ignores it how, what error messages do you get, etc. rob > > regards > ________________________________________ > From: Rob Crittenden [[email protected]] > Sent: Wednesday, 30 March 2011 8:58 a.m. > To: Steven Jones > Cc: [email protected]; [email protected] > Subject: Re: [Freeipa-users] client setup failure > > Steven Jones wrote: >> uh OK.....but why is it ignoring my --server and --domain ? and going to the >> dc for the certificate? >> >> This ticket still does not help me proceed.... > > You need --force as well. > > We try very hard not to hardcode values into the configuration files > which is why we always autodiscover. > > With the patch and --force it should push through and complete the > installation. > > rob > >> >> regards >> >> >> ________________________________________ >> From: Rob Crittenden [[email protected]] >> Sent: Wednesday, 30 March 2011 8:50 a.m. >> To: Steven Jones >> Cc: [email protected]; [email protected] >> Subject: Re: [Freeipa-users] client setup failure >> >> Steven Jones wrote: >>> What do I put in the python script as a work around? >> >> https://www.redhat.com/archives/freeipa-devel/2011-March/msg00227.html >> >>> >>> regards >>> ________________________________________ >>> From: [email protected] [[email protected]] >>> on behalf of Dmitri Pal [[email protected]] >>> Sent: Wednesday, 30 March 2011 8:29 a.m. >>> To: [email protected] >>> Subject: Re: [Freeipa-users] client setup failure >>> >>> On 03/29/2011 03:26 PM, Steven Jones wrote: >>>> Hi, >>>> >>>> The DNS is in AD so it cant be set to suit IPA.... >>>> >>>> I did as below and even with --force your script ignores these flags, it >>>> insists on doing AD lookups and gets the AD info....and obviously the cert >>>> isnt on the AD box. >>>> >>>> 8><-------- >>>> >>>> What is a content of _ldap._tcp.ipa.ac.nz DNS SRV record? IPA client >>>> installation uses this DNS record in an autodiscovery of IPA server in >>>> the given DNS domain. >>>> >>>> You may want to check the DNS record or set the domain and server >>>> manually: >>>> >>>> # ipa-client-install --server=<your_IPA_server> --domain=<domain> >>>> >>> >>> That was the bug that we fixed last week. >>> Rob, did it make the GA? >>> Or the bits you are using are not GA. >>> >>>> Regards, >>>> Martin >>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> [email protected] >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> >>>> _______________________________________________ >>>> Freeipa-users mailing list >>>> [email protected] >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>> >>> -- >>> Thank you, >>> Dmitri Pal >>> >>> Sr. Engineering Manager IPA project, >>> Red Hat Inc. >>> >>> >>> ------------------------------- >>> Looking to carve out IT costs? >>> www.redhat.com/carveoutcosts/ >>> >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> [email protected] >>> https://www.redhat.com/mailman/listinfo/freeipa-users >> > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
