← Back to team overview

freeipa team mailing list archive

  1. freeipa team
  2. Mailing list archive
  3. Message #00495

[Bug 1706872] Re: FreeIPA Client on Ubuntu 14.04 can't be enrolled to IPA Server having third party SSL

  Thread PreviousDate PreviousThread Next 
yeah 3.3.4 in 14.04 is old by today's standard.. I don't support that
anymore, so either backport the client from 16.04 or upgrade to it..

closing as fixed since it's working in 16.04

** Changed in: freeipa (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1706872

Title:
  FreeIPA Client on Ubuntu 14.04 can't be enrolled to IPA Server having
  third party SSL

Status in freeipa package in Ubuntu:
  Fix Released

Bug description:
  Hello,

  Tried ipa-client-install on my Ubuntu server of version 14.04. My
  FreeIPA Server (Version 4.4) is using third party signed CA Cert.

  The freeipa client package on my machine is 3.3.4. Instead of getting
  enrolled to IPA Server, the client installation failed with the
  following message:

  -----
  cert validation failed for "CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
  Cannot connect to the server due to generic error: cannot connect to 'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.
  Installation failed. Rolling back changes.
  certmonger failed to start: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
  certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
  Unenrolling client from IPA server
  Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm.

  Removing Kerberos service principals from /etc/krb5.keytab
  Disabling client Kerberos and LDAP configurations
  Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
  SSSD service could not be stopped
  Restoring client configuration files
  nscd daemon is not installed, skip configuration
  nslcd daemon is not installed, skip configuration
  Client uninstall complete.
  -----

  However client installation is working fine on Ubuntu 16.04 without
  any error. Is this problem only confined to Ubuntu 14.04

  Please provide me with a solution.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1706872/+subscriptions

References

  Thread PreviousDate PreviousThread Next