On a clean Fedora 20, minimal install, system using the netinstall iso, I'm getting an error all the way at the end of the ipa-server-install process (when it tries to run ipa-client-install). I put the fqdn of the hostname in /etc/hostname and "ipaddr ipa.usfs-i2.umt.edu ipa" in /etc/hosts and rebooted. Hostname returns the fqdn. DNS A, SRV, and TXT entries are in place. Reverse DNS works.
Copr repository installed, and fedora-updates-testing enabled (for required version of dirsrv). Yum refused to install freeipa-server for reason of unsatisfied dependencies, but dnf succeeded. Tail end of ipa-server-install is here, followed by a successful kinit and a failed "ipa" command. I can fix the cert issue on the server by following http://www.iamlinux.com/2014/06/ipa-commands-fails-with-peers-certificate-issuer-has-been-marked-as-not-trusted-by-the-user-error/. This allows ipa commands on the server to work. However, ipa-client-install on the client fails with the same "Peer's certificate issuer has been marked as not trusted by the user." Is this a dorky new user problem or should I file a bug? Bryce ... Done configuring the web interface (httpd). Applying LDAP updates Restarting the directory server Restarting the KDC Restarting the certificate server Sample zone file for bind has been created in /tmp/sample.zone.dr0fFP.db Restarting the web server Configuration of client side components failed! ipa-client-install returned: Command ''/usr/sbin/ipa-client-install' '--on-master' '--unattended' '--domain' 'usfs-i2.umt.edu' '--server' 'ipa.usfs-i2.umt.edu' '--realm' 'USFS-I2.UMT.EDU' '--hostname' 'ipa.usfs-i2.umt.edu'' returned non-zero exit status 1 [root@ipa yum.repos.d]# kinit admin Password for ad...@usfs-i2.umt.edu: [root@ipa yum.repos.d]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: ad...@usfs-i2.umt.edu Valid starting Expires Service principal 07/16/2014 13:29:51 07/17/2014 13:29:45 krbtgt/usfs-i2.umt....@usfs-i2.umt.edu [root@ipa yum.repos.d]# ipa user-find ipa: ERROR: cert validation failed for "CN=ipa.usfs-i2.umt.edu,O=USFS-I2.UMT.EDU" ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) ipa: ERROR: cannot connect to 'https://ipa.usfs-i2.umt.edu/ipa/json': (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project