If the DNS SRV records point to an AD server, you don't want to use autodiscovery, but apparently entering them manually also fails:
[root@fed14-64-cli01 yum.repos.d]# ipa-client-install
DNS discovery failed to determine your DNS domain
Please provide the domain name of your IPA server (ex: example.com): ipa.ac.nz
Retrieving CA from dc0002.ipa.ac.nz failed.
Command '/usr/bin/wget -O /tmp/tmpzR381G/ca.crt http://dc0002.ipa.ac.nz/ipa/config/ca.crt' returned non-zero exit status 4
[root@fed14-64-cli01 yum.repos.d]#
This is the wget that fetches the CA so we can do TLS over LDAP.
attachment freeipa-rcrit-758-client.patch
master: b3a8589
ipa-2-0: 9e19e9c
To test:
Create DNS SRV records that point to a machine that isn't an IPA server (it doesn't even need a web server installed).
ipa-client-install should fail, server is not an IPA server
ipa-client-install --server=ipa.example.com --domain=example.com --force should succeed
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.1 - 2011/08 (Final)