Hello John, thanks for the answer! This problem only happens on Linux machines that are in the domain, because I have not yet tested on Windows.

Linux machine names in the test:
- mint-client.mycompany.intra
- ubuntu-client.mycompany.intra

> Use the 'certname' setting in your machines' Puppet configuration ([main]
> section) to assign a unique certname to each personality of each machine.
> Perhaps you could use a pattern similar to the one I suggested for unique
> hostnames.

So I would put an entry in puppet.conf, something like this?

    [main]
    certname = mint-client.mycompany.intra

    [agent]
    server = puppet.mycompany.intra

If yes, it still does not work. The user "xiru" is part of the domain. I logged on to the machine and executed the "puppet agent -t" command, and the error about certificates not matching occurs. It creates the new certificate in the path: "/home/xiru/.puppetlabs/etc/puppet/ssl"

On Friday, April 20, 2018 at 10:15:45 UTC-3, jcbollinger wrote:
>
> On Thursday, April 19, 2018 at 6:44:57 PM UTC-5, [email protected] wrote:
>>
>> Hello guys,
>>
>> At my place of work we have some computer labs. In these laboratories
>> each computer has the operating system windows and linux. Both systems are
>> in our AD domain.
>>
>> I did a lab of tests and I have a functional puppet server. I put some
>> nodes as root of the system. Everything working perfectly.
>>
>> When I log in with a domain user on linux machines and run the "puppet
>> agent -t" command, a new certificate is generated, but an error occurs
>> stating that it does not match the server's certificate.
>>
>> How can I get around this and make it always the same certificate?
>>
>
> It sounds like your machines use the same hostname whether they are
> running Windows or Linux. This makes sense from a physical perspective,
> but not from a logical one -- one of your machines has very different
> characteristics when running Windows than it does when running Linux.
>
> In any case, the Puppet installations on Windows and Linux are separate
> and do not share data (by default), so each manages its own certificate.
> In that sense, they absolutely are distinct machines from Puppet's
> perspective. By default, however, Puppet uses machines' hostnames as their
> certificate names, so if you have two machines with the same hostname then
> their certificates will collide. It will also happen if you rebuild /
> re-image your machines without preserving their certificates, but reusing
> the same hostnames.
>
> You have several options for working around that, among them:
>
> - Give your machines different hostnames for Windows and Linux. The
>   easiest way to do that might be to add "-linux" and / or "-windows"
>   suffixes to the hostnames you are using now. Then each personality of
>   each machine has a distinct name, and everything should just work.
> - Use the 'certname' setting in your machines' Puppet configuration
>   ([main] section) to assign a unique certname to each personality of
>   each machine. Perhaps you could use a pattern similar to the one I
>   suggested for unique hostnames.
> - You could also arrange for your machines to share their certificates
>   between their two personalities, either by copying them or by putting
>   them in a place that both personalities can access. I have several
>   technical reasons to dislike this alternative, and I don't recommend it,
>   but having understood the problem, you probably would have thought of it
>   anyway.
>
> John
