I'm trying to add a freeIPA client on a Ubuntu 14.04.02 Version and it's 
failing.  Here is somebackground information.  We lost (RIP) our main IPA 
server ipa.mydomain.com a while ago, but we were able to fail over to a replica 
called ipa2.  Since then we've built a redundant ipa3.mydomain.com replica.  
Since then all the systems that were there previously work fine.  But adding 
new IPA hosts fail.
The main error below (I believe) is:
Joining realm failed: libcurl failed to execute the HTTP POST transaction, 
explaining:  SSL: certificate subject name 'ipa2.mydomain.com' does not match 
target host name 'ipa.mydomain.com'
Any idea how to fix?
Thanks in advance!

root@myhost:~# ipa-client-install -N --hostname myhost.mydomain.com 
--mkhomedirDNS domain 'COM' is not configured for automatic KDC address 
lookup.KDC address will be set to fixed value.Discovery was 
successful!Hostname: myhost.mydomain.comRealm: COMDNS Domain: mydomain.comIPA 
Server: ipa.mydomain.comBaseDN: dc=COM
Continue to configure the system with these values? [no]: yesUser authorized to 
enroll computers: adminSynchronizing time with KDC...Unable to sync time with 
IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is 
opened.Password for admin@COM: Unable to download CA cert from LDAP.Do you want 
to download the CA cert from http://ipa.mydomain.com/ipa/config/ca.crt?(this is 
INSECURE) [no]: yesDownloading the CA certificate via HTTP, this is 
INSECURESuccessfully retrieved CA cert    Subject:     CN=Certificate 
Authority,O=COM    Issuer:      CN=Certificate Authority,O=COM    Valid From:  
Thu Apr 04 23:20:27 2013 UTC    Valid Until: Mon Apr 04 23:20:27 2033 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction, 
explaining:  SSL: certificate subject name 'ipa2.mydomain.com' does not match 
target host name 'ipa.mydomain.com'
Installation failed. Rolling back changes.certmonger failed to start: Command 
'/usr/sbin/service certmonger start ' returned non-zero exit status 1certmonger 
failed to stop: [Errno 2] No such file or directory: 
'/var/run/ipa/services.list'Disabling client Kerberos and LDAP 
configurationsRedundant SSSD configuration file /etc/sssd/sssd.conf was moved 
to /etc/sssd/sssd.conf.deletedSSSD service could not be stoppedRestoring client 
configuration filesnscd daemon is not installed, skip configurationnslcd daemon 
is not installed, skip configuration/etc/ipa/default.conf could not be removed: 
[Errno 2] No such file or directory: '/etc/ipa/default.conf'Please remove 
/etc/ipa/default.conf manually, as it can cause subsequent installation to 
fail.Client uninstall complete.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to