Hide Forgot
Description of problem: When running "ipa-client-install" and minssf is set to 1, get the following error. "Error checking LDAP: Server is unwilling to perform: Minimum SSF not met." Version-Release number of selected component (if applicable): RHEL 7.2 ipa-client-4.2.0-15.el7_2.3.x86_64 How reproducible: Every time running ip-client-install Steps to Reproduce: 1. Set minssf to 1 2. Run cmd "ipa-client-install --server=example.com" 3. Actual results: Error checking LDAP: Server is unwilling to perform: Minimum SSF not met. Error checking LDAP: Server is unwilling to perform: Minimum SSF not met. Error checking LDAP: Server is unwilling to perform: Minimum SSF not met. Expected results: Should not see the error if minssf is set to anything other than 0. Additional info: Seems like a known issue in previous versions. https://fedorahosted.org/freeipa/ticket/4459
Related 7,1 bug: https://bugzilla.redhat.com/show_bug.cgi?id=1122621 Alan, could you attach ipaclient-install.log with minssf 1 set on server? I don't see the log in SOS report(s). There were 3 occurances of: Error checking LDAP: Server is unwilling to perform: Minimum SSF not met. But the installation ended with: Client configuration complete. So it would be interesting to know what didn't work. And if the client is actually installed properly.
Attached is the ipa install log. Please let me know if you need any additional information.
FYI - Customer has closed the case, since the error did not prevent the installation from completing.
This is working as expected. The discovery tries to verify that the servers it found are IPA masters but it doesn't yet have the IPA CA to connect with so SSF failures are not fatal.
Closing, reasons in comments 2, 6, 7.