Hi,
Had a server - named ipa001.example.com -- it was a replica. It died. It
was re-installed. However, prior to the re-install it was saying the
wonderful:
TLS error -8172:Peer's certificate issuer has been marked as not trusted
by the user.
It was rebuilt - new OS and doing a brand new ipa-server-install (NOT a
replica or trying to join it back in to the existing ring of servers)
and at the end of the ipa-server-install - it gives:
Done.
Restarting the directory server
Restarting the KDC
Restarting the certificate server
Restarting the web server
Unable to set admin password Command ''/usr/bin/ldappasswd' '-h'
'ipa001.example.com' '-ZZ' '-x' '-D' 'cn=Directory Manager' '-y'
'/var/lib/ipa/tmp5Fxy2Z' '-T' '/var/lib/ipa/tmpnz0jLs'
'uid=admin,cn=users,cn=accounts,dc=example,dc=com'' returned non-zero
exit status 1
Configuration of client side components failed!
ipa-client-install returned: Command ''/usr/sbin/ipa-client-install'
'--on-master' '--unattended' '--domain' 'example.com' '--server'
'ipa001.example.com' '--realm' 'example.com' '--hostname'
'ipa001.example.com'' returned non-zero exit status 1
and checking /var/log/ipaclient-install.log - the exact same TLS error????
But this is a brand new system, with brand new OS and the install was
ipa-server-install to install a clean server.
I don't understand how this is happening. There is no "peer" to be not
trusted?
~J
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
