yeah 3.3.4 in 14.04 is old by today's standard.. I don't support that
anymore, so either backport the client from 16.04 or upgrade to it..
closing as fixed since it's working in 16.04
** Changed in: freeipa (Ubuntu)
Status: New => Fix Released
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
FreeIPA Client on Ubuntu 14.04 can't be enrolled to IPA Server having
third party SSL
Status in freeipa package in Ubuntu:
Tried ipa-client-install on my Ubuntu server of version 14.04. My
FreeIPA Server (Version 4.4) is using third party signed CA Cert.
The freeipa client package on my machine is 3.3.4. Instead of getting
enrolled to IPA Server, the client installation failed with the
cert validation failed for "CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the user.)
Cannot connect to the server due to generic error: cannot connect to
'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's
certificate issuer has been marked as not trusted by the user.
Installation failed. Rolling back changes.
certmonger failed to start: [Errno 2] No such file or directory:
certmonger failed to stop: [Errno 2] No such file or directory:
Unenrolling client from IPA server
Unenrolling host failed: Error getting default Kerberos realm: Configuration
file does not specify default realm.
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
SSSD service could not be stopped
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
However client installation is working fine on Ubuntu 16.04 without
any error. Is this problem only confined to Ubuntu 14.04
Please provide me with a solution.
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~freeipa
Post to : email@example.com
Unsubscribe : https://launchpad.net/~freeipa
More help : https://help.launchpad.net/ListHelp