freeipa team mailing list archive

Thread
Date

[Bug 1975858] [NEW] Install client fails in Ubuntu 22.04

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: Gustavo Berman <1975858@xxxxxxxxxxxxxxxxxx>
Date: Thu, 26 May 2022 17:05:57 -0000
Reply-to: Bug 1975858 <1975858@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Hello there!

Ubuntu 18.04 (and previous ones) works just fine, but in Ubuntu 22.04
(fresh vm install and apt update) I'm trying to execute ipa-client-
install but it fails like this:

root@fisica75:~# ipa-client-install
This program will set up IPA client.
Version 4.9.8

WARNING: conflicting time&date synchronization service 'ntp' will be
disabled in favor of chronyd

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: fisica75.fisica.cabib
Realm: FISICA.CABIB
DNS Domain: fisica.cabib
IPA Server: ipaserver.fisica.cabib
BaseDN: dc=fisica,dc=cabib

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: tavo
Password for tavo@FISICA.CABIB:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=FISICA.CABIB
    Issuer:      CN=Certificate Authority,O=FISICA.CABIB
    Valid From:  2014-01-14 12:56:57
    Valid Until: 2034-01-14 12:56:57

Enrolled in IPA realm FISICA.CABIB
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm FISICA.CABIB
cannot connect to 'https://ipaserver.fisica.cabib/ipa/json': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipaserver.fisica.cabib'. (_ssl.c:997)
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
root@fisica75:~#

There is no Hostname mismatch for the server certificate. It has been
working just fine for years with multiple distros as clients. I can
access the website with the same URL and cert is just fine.

Any ideas?
Thanks!


lsb_release -rd
Description:	Ubuntu 22.04 LTS
Release:	22.04


apt-cache policy freeipa-client
freeipa-client:
  Instalados: 4.9.8-1
  Candidato:  4.9.8-1
  Tabla de versión:
 *** 4.9.8-1 500
        500 http://www.fisica.cabib/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status

** Affects: freeipa (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "ipaclient-install.log"
   https://bugs.launchpad.net/bugs/1975858/+attachment/5593147/+files/ipaclient-install.log

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1975858

Title:
  Install client fails in Ubuntu 22.04

Status in freeipa package in Ubuntu:
  New

Bug description:
  Hello there!

  Ubuntu 18.04 (and previous ones) works just fine, but in Ubuntu 22.04
  (fresh vm install and apt update) I'm trying to execute ipa-client-
  install but it fails like this:

  root@fisica75:~# ipa-client-install
  This program will set up IPA client.
  Version 4.9.8

  WARNING: conflicting time&date synchronization service 'ntp' will be
  disabled in favor of chronyd

  Discovery was successful!
  Do you want to configure chrony with NTP server or pool address? [no]:
  Client hostname: fisica75.fisica.cabib
  Realm: FISICA.CABIB
  DNS Domain: fisica.cabib
  IPA Server: ipaserver.fisica.cabib
  BaseDN: dc=fisica,dc=cabib

  Continue to configure the system with these values? [no]: yes
  Synchronizing time
  No SRV records of NTP servers found and no NTP server or pool address was provided.
  Using default chrony configuration.
  Attempting to sync time with chronyc.
  Time synchronization was successful.
  User authorized to enroll computers: tavo
  Password for tavo@FISICA.CABIB:
  Successfully retrieved CA cert
      Subject:     CN=Certificate Authority,O=FISICA.CABIB
      Issuer:      CN=Certificate Authority,O=FISICA.CABIB
      Valid From:  2014-01-14 12:56:57
      Valid Until: 2034-01-14 12:56:57

  Enrolled in IPA realm FISICA.CABIB
  Created /etc/ipa/default.conf
  Configured /etc/sssd/sssd.conf
  Configured /etc/krb5.conf for IPA realm FISICA.CABIB
  cannot connect to 'https://ipaserver.fisica.cabib/ipa/json': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipaserver.fisica.cabib'. (_ssl.c:997)
  The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information
  root@fisica75:~#

  There is no Hostname mismatch for the server certificate. It has been
  working just fine for years with multiple distros as clients. I can
  access the website with the same URL and cert is just fine.

  Any ideas?
  Thanks!

  
  lsb_release -rd
  Description:	Ubuntu 22.04 LTS
  Release:	22.04

  
  apt-cache policy freeipa-client
  freeipa-client:
    Instalados: 4.9.8-1
    Candidato:  4.9.8-1
    Tabla de versión:
   *** 4.9.8-1 500
          500 http://www.fisica.cabib/ubuntu jammy/universe amd64 Packages
          100 /var/lib/dpkg/status

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1975858/+subscriptions

Follow ups

[Bug 1975858] Re: Install client fails in Ubuntu 22.04
From: madhu kunta, 2023-04-05
[Bug 1975858] Re: Install client fails in Ubuntu 22.04
From: Timo Aaltonen, 2023-03-06
[Bug 1975858] Re: Install client fails in Ubuntu 22.04
From: Gustavo Berman, 2022-06-15