# ipa-client-install --domain dev.id.aaf.edu.au --server iam1.dev.id.aaf.edu.au
LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
Failed to verify that iam1.dev.id.aaf.edu.au is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or firewall settings.
Please make sure the following ports are opened in the firewall settings:
TCP: 80, 88, 389
UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
TCP: 464
UDP: 464, 123 (if NTP enabled)
Installation failed. Rolling back changes.
IPA client is not configured on this system.
#
We need to obtain the ca.crt from the LDAP server and use it to trust the self-signed certificate.
Run these commands to fix this issue:
# wget http://iam1.dev.id.aaf.edu.au/ipa/config/ca.crt
# mv ca.crt /etc/ipa/ca.crt
See https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html
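The ca.crt above is fetched over plain HTTP, so it is worth comparing its fingerprint with one obtained out of band from the IPA administrator before it becomes a trust anchor. The following is an added example, not part of the original post or of ipa-client-install; the function names and the expected-fingerprint argument are assumptions.

```shell
# Added example: install an IPA CA certificate only if its SHA-256 fingerprint
# matches a value obtained out of band. Function names are hypothetical.

# Print the certificate's SHA-256 fingerprint as uppercase hex without colons.
# Prints nothing if the file is not a parseable certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Normalise a supplied fingerprint: drop colons and spaces, uppercase.
normalise_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# install_verified_ca <downloaded cert> <expected fingerprint> <destination>
# Returns 0 and installs on match, 1 on mismatch, 2 if the file is not a certificate.
install_verified_ca() {
    local cert="$1" expected actual dest="$3"
    expected=$(normalise_fp "$2")
    actual=$(cert_fingerprint "$cert")
    if [ -z "$actual" ]; then
        echo "error: $cert is not a parseable X.509 certificate" >&2
        return 2
    fi
    # A SHA-256 fingerprint is 64 hex digits; reject short or wrong values.
    if [ ${#expected} -ne 64 ] || [ "$actual" != "$expected" ]; then
        echo "error: fingerprint mismatch, not installing" >&2
        echo "  got:      $actual" >&2
        echo "  expected: $expected" >&2
        return 1
    fi
    # World-readable, writable only by the owner (root when run as in the post).
    install -m 0644 "$cert" "$dest"
}

# Usage on the client from the post (the fingerprint is a placeholder):
#   wget http://iam1.dev.id.aaf.edu.au/ipa/config/ca.crt
#   install_verified_ca ca.crt "<SHA-256 FINGERPRINT FROM THE IPA ADMIN>" /etc/ipa/ca.crt
```

The administrator can read the reference fingerprint on the IPA server itself with `openssl x509 -in /etc/ipa/ca.crt -noout -fingerprint -sha256`.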