when ipa server has firewall up and required ports are not opened, ipa-client-automount simple return "Unable to confirm that f17blue.yzhang.redhat.com is an IPA v2 server". It would be nice to remind user a little more detail.
In my test, I ran ipa-client-automount with --debug flag and it reports details like below:
======================== ... ... Verifying that f17blue.yzhang.redhat.com is an IPA server args=/usr/bin/wget -O /tmp/tmpxXv5u0/ca.crt -T 15 -t 2 http://f17blue.yzhang.redhat.com/ipa/config/ca.crt stdout= stderr=--2012-09-13 10:41:26-- http://f17blue.yzhang.redhat.com/ipa/config/ca.crt Resolving f17blue.yzhang.redhat.com... 192.168.122.174 Connecting to f17blue.yzhang.redhat.com|192.168.122.174|:80... failed: No route to host. Retrieving CA from f17blue.yzhang.redhat.com failed: Command '/usr/bin/wget -O /tmp/tmpxXv5u0/ca.crt -T 15 -t 2 http://f17blue.yzhang.redhat.com/ipa/config/ca.crt' returned non-zero exit status 4 Unable to confirm that f17blue.yzhang.redhat.com is an IPA v2 server ==================
It is a bit misleading when it says "unable to confirm .. an IPA v2 server" when in fact the problem is to access port 80.
We may also check a return code that /usr/bin/wget returns when connection is rejected due to firewall issue, it may help us provide better error message in that case.
/usr/bin/wget
Changing 3.2 priority
Rename component.
Metadata Update from @yizhangid: - Issue assigned to lroot - Issue set to the milestone: Future Releases
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.