Hi Rob, On 01/29/2016 04:12 PM, Rob Crittenden wrote: > > What version of server and client? >
Server is freeipa 4.2 (Centos 7.2) Client is freeipa 4.0.5 (Debian 8) Sorry, I should have mentioned this in my first post. I am running >200 clients in this environment, appr. 40% are Debian Hosts with this freeipa version. One host cannot be joined :-(. > I gather you have installed with an external CA? How many certs are in > /etc/ipa/ca.crt? > Yes, its an external CA. There is one cert in ca.cert: It is the certificate of the ipa CA, signed by the expected external root CA. I see the same on the other hosts, but of course I checked only a few (4). Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
