Hi Team,

I'm trying to add a client with hostname abc.example.com on the FreeIPA server (ipa1.idm.example.com), but on CentOS 7 it works fine.

All ports are allowed and accessible from the client side.

Can you please share what exactly the problem is and how it can be fixed?


TASK [Enroll host to FreeIPA] **************************************************************************************************************************

failed: [sherwin-centos6-test.example.com] (item=ipa1.idm.example.com) => {"ansible_loop_var": "item", "changed": false, "cmd": ["ipa-client-install", "-U", "-w", "8ekh0Y", "--mkhomedir", "--hostname", "sherwin-centos6-test.example.com", "--ntp-server", "169.254.169.123", "--domain", "idm.example.com", "--realm", "IDM.EXAMPLE.COM", "--server", "ipa1.idm.example.com"], "delta": "0:00:00.202857", "end": "2020-04-16 10:29:37.411081", "failed_when_result": true, "item": "ipa1.idm.example.com", "msg": "non-zero return code", "rc": 1, "start": "2020-04-16 10:29:37.208224", "stderr": "LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.\nLDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.\nFailed to verify that ipa1.idm.example.com is an IPA Server.\nThis may mean that the remote server is not up or is not reachable due to network or firewall settings.\nPlease make sure the following ports are opened in the firewall settings:\n     TCP: 80, 88, 389\n     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)\nAlso note that following ports are necessary for ipa-client working properly after enrollment:\n     TCP: 464\n     UDP: 464, 123 (if NTP enabled)\nInstallation failed. Rolling back changes.\nIPA client is not configured on this system.", "stderr_lines": ["LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", "LDAP Error: Connect error: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.", "Failed to verify that ipa1.idm.example.com is an IPA Server.", "This may mean that the remote server is not up or is not reachable due to network or firewall settings.", "Please make sure the following ports are opened in the firewall settings:", "     TCP: 80, 88, 389", "     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)", "Also note that following ports are necessary for ipa-client working properly after enrollment:", "     TCP: 464", "     UDP: 464, 123 (if NTP enabled)", "Installation failed. Rolling back changes.", "IPA client is not configured on this system."], "stdout": "\u001b[?1034h", "stdout_lines": ["\u001b[?1034h"]}
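The "TLS error -8172" in the output above is NSS's SEC_ERROR_UNTRUSTED_ISSUER: the client opened LDAP to ipa1.idm.example.com, received the server certificate, and had no trust anchor for the CA that issued it, so the port-list hint that follows is a red herring. The script below is an added example (not from the post, and not FreeIPA's own code) that reproduces that exact condition offline with the openssl CLI: it generates a throwaway CA plus a server certificate signed by it (constructed stand-ins for the IPA CA and the ipa1.idm.example.com LDAP certificate), shows that verification fails when the CA is unknown, and shows it passing once the CA file is supplied as the trust anchor. It assumes openssl is installed; everything else is created in a temp directory.

```shell
#!/bin/sh
# Added example, not part of the original post. Reproduces NSS -8172
# (SEC_ERROR_UNTRUSTED_ISSUER) offline: a cert issued by a CA the verifier
# does not know fails, and passes once that CA is given as trust anchor.
# Assumes the openssl CLI is installed. All keys/certs below are generated
# here as constructed stand-ins for the FreeIPA CA and the IPA server cert.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build a throwaway CA and a server certificate signed by it.
make_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/O=IDM.EXAMPLE.COM/CN=Certificate Authority" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=IDM.EXAMPLE.COM/CN=ipa1.idm.example.com" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 1 -in "$WORK/server.csr" \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" >/dev/null 2>&1
}

# Exit 0 if the server certificate chains to a trusted issuer, 1 otherwise.
# Without -CAfile only the system trust store is consulted, which does not
# contain the freshly generated CA: the client's situation when it holds no
# copy of the IPA CA certificate. Success is detected by the ": OK" line so
# the check also works on old openssl builds whose exit status was unreliable.
verify_without_ca() {
    openssl verify "$WORK/server.crt" 2>/dev/null | grep -q ': OK$'
}

# Same check with the issuing CA supplied as trust anchor, which is what a
# correctly enrolled client has in /etc/ipa/ca.crt.
verify_with_ca() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" 2>/dev/null \
        | grep -q ': OK$'
}

# Issuer DN of the server cert and subject DN of the CA file. Comparing the
# two is the quickest way to spot a CA mismatch (for example a server that
# was re-installed with a new CA while the client still has the old ca.crt).
server_issuer() {
    openssl x509 -noout -issuer -in "$WORK/server.crt"
}

ca_subject() {
    openssl x509 -noout -subject -in "$WORK/ca.crt"
}

main() {
    make_pki
    if verify_without_ca; then
        echo "unexpected: server cert verified without the CA"
    else
        echo "no trust anchor: issuer not trusted (what NSS reports as -8172)"
    fi
    if verify_with_ca; then
        echo "CA supplied as trust anchor: chain verifies"
    fi
    echo "server issuer : $(server_issuer)"
    echo "CA subject    : $(ca_subject)"
}

main
```

On the real CentOS 6 client the equivalent live check is `openssl s_client -connect ipa1.idm.example.com:636 -CAfile /etc/ipa/ca.crt` (or port 389 with `-starttls ldap`), and the CA certificate itself can be fetched from http://ipa1.idm.example.com/ipa/config/ca.crt and handed to the installer with `--ca-cert-file`; if the issuer printed by s_client does not match the subject of that file, the server's CA changed since the client last got a copy. Two practitioner caveats: verifying against /etc/ipa/ca.crt is only meaningful if that file was obtained from the server over a channel you trust, and the task output above prints the enrollment password given to `-w` in clear, so the Ansible task should carry `no_log: true`.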