Can't pass the exception below on freeipa-client-install:
libcurl failed to execute the HTTP POST transaction, explaining: Problem with the SSL CA cert (path? access rights?)
Not sure if this is causative to the message, curling - the cacert manually works without a hitch.
FreeIPA Server: CentOS 8.2, looks nominal, the client is on CentOS 7. Debug log: https://pastebin.com/eEhd7e0e
john doe via FreeIPA-users wrote:
> Can't pass the exception below on freeipa-client-install:
> libcurl failed to execute the HTTP POST transaction, explaining: Problem with the SSL CA cert (path? access rights?)
> Not sure if this is causative to the message, curling - the cacert manually works without a hitch.

Works manually how?

> FreeIPA Server: CentOS 8.2, looks nominal, the client is on CentOS 7. Debug log: https://pastebin.com/eEhd7e0e

The LDAP request for the cert fails with:
Server ldap/dc-22a5aeca6717.atmospheric-chemistry-testbed.eu@ATMOSPHERIC-CHEMISTRY-TESTBED.EU not found in Kerberos database
So it could be a naming issue. Is one of your IPA servers actually dc-22a5aeca6717.atmospheric-chemistry-testbed.eu? I'd look in the keytabs on that machine and/or the certs to be sure those have the right naming.
rob
Good - reading more around the error log section you specified, a principal problem in this testbed emerges:
It tries to run '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt'
Could not update DNS SSHFP records.
The zone is not delegated, hence it couldn't update it.
Is there a way to run FreeIPA without a delegated zone? That is, put the Kerberos, i.a. SVC, TXT records in one statically without updates afterwards?