Description of problem: I have EL6 installed with IPA-Server. Everything was fine with Fedora16. But when I've tried to join IPA-client оn Fedora17, I've recieved this message: |ipa : ERROR LDAP Error: Can't contact LDAP server: |Failed to verify that ipaserver.bashnl.local is an IPA Server. |This may mean that the remote server is not up or is not reachable |due to network or firewall settings. |Installation failed. Rolling back changes. |IPA client is not configured on this system. Version-Release number of selected component (if applicable): Server: IPA-Server installed from repository Client: Fedora17 with "minimal" install. after installation process, I've installed "htop, nmap, bash-completion, vim-enhanced". After that I've installed "ipa-client, ipa-admintools" from repository How reproducible: Steps to Reproduce: 1. install Fedora17 2. install ipa-client, ipa-admintools 3. run 'ipa-cilent-install --enable-dns-update --mkhomedir' Actual results: |ipa : ERROR LDAP Error: Can't contact LDAP server: |Failed to verify that ipaserver.bashnl.local is an IPA Server. |This may mean that the remote server is not up or is not reachable |due to network or firewall settings. |Installation failed. Rolling back changes. |IPA client is not configured on this system. Expected results: join Fedora17 as ipa-client to ipa-server Additional info:
Can you attach /var/log/ipaclient-install.log?
Created attachment 587938 [details] ipa-cleint install log After I've recivied error message, I've cheked avaibility to server from F17: Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-30 11:13 YEKT Nmap scan report for ipaserver.bashnl.local (10.39.0.60) Host is up (0.00025s latency). Not shown: 993 filtered ports PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 88/tcp open kerberos-sec 443/tcp open https 464/tcp open kpasswd5 636/tcp open ldapssl MAC Address: 52:54:00:97:64:3B (QEMU Virtual NIC)
Sorry. it was our mistake :( in iptables has been opened 399 port instead 389. i think report should be closed. will it bring my karma down?
Glad it was something simple. Would improved error messages in ipa-client-install have made this easier to debug?
I think yes :) if it has said that exactly 389 port is not reacheble, I would debug it imidiatly, and would not disturb you :)
Ok, re-opening. I'll see what we can do about making the error message clearer. Bug titled updated.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2816
Fixed upstream. master: 00a54b8b7f1e6e157f4b5efe7f24462685194de5 ipa-3-0: 50e55b012ecf533c190536a364c72c961c070f9f