I'm unable to rejoin a CentOS client to my FreeIPA realm. I ran the
uninstall command on my client: ipa-client-install --uninstall

As far as I know, the uninstall was successful. It asked me to reboot. After
rebooting, if I try to rerun the install command:

ipa-client-install -U -p admin -w P@ssw0rd! --enable-dns-updates --mkhomedir --domain=customdomain.ad.com --realm=IPA.AD.COM --server=ipa01.ipa.ad.com --server=ipa02.ipa.ad.com --no-ntp --debug

FYI, we're using a different DNS domain than our FreeIPA realm, hence why
I have to provide all those flags.

Running the install command failed. Here's the output from
/var/log/ipa-client-uninstall.log

2017-08-03T19:17:58Z DEBUG stderr=
2017-08-03T19:17:58Z DEBUG trying to retrieve CA cert via LDAP from ipa-01.ipa.ad.com
2017-08-03T19:17:58Z DEBUG get_ca_certs_from_ldap() error: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/ad....@ipa.ad.com not found in Kerberos database)
2017-08-03T19:17:58Z DEBUG Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server krbtgt/ad....@ipa.ad.com not found in Kerberos database)
2017-08-03T19:17:58Z ERROR In unattended mode without a One Time Password (OTP) or without --ca-cert-file You must specify --force to retrieve the CA cert using HTTP
2017-08-03T19:17:58Z ERROR Cannot obtain CA certificate HTTP certificate download requires --force
2017-08-03T19:17:58Z ERROR Installation failed. Rolling back changes.
2017-08-03T19:17:58Z ERROR IPA client is not configured on this system.

Do I need to run/clean something else? This error is consistent with all
of the clients I tried to re-join.

Thanks for your help,
Alex
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
