I Cannot enrol and do the ipa-client-install on Ubuntu 14.04 to IPA Server (4.4). My IPA Server is having third party certificates for HTTP/LDAP. I have installed it using the suggestions in https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
Other version of Ubuntu like 16.04 is enrolled fine. Here is the error message that I get during the installation ---- cert validation failed for "CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) Cannot connect to the server due to generic error: cannot connect to 'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. Installation failed. Rolling back changes. certmonger failed to start: [Errno 2] No such file or directory: '/var/run/ipa/services.list' certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list' Unenrolling client from IPA server Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm. Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted SSSD service could not be stopped Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Client uninstall complete. ----- Is it due to my third part cert? If so, please provide a suggestion so that I can enrol my Ubuntu Client to my IPA Server. I am attaching the logs for your reference.
IPA_Client_Install.rtf
Description: RTF file
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
