Public bug reported: Hello,
Tried ipa-client-install on my Ubuntu server of version 14.04. My FreeIPA Server (Version 4.4) is using third party signed CA Cert. The freeipa client package on my machine is 3.3.4. Instead of getting enrolled to IPA Server, the client installation failed with the following message: ----- cert validation failed for "CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) Cannot connect to the server due to generic error: cannot connect to 'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. Installation failed. Rolling back changes. certmonger failed to start: [Errno 2] No such file or directory: '/var/run/ipa/services.list' certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list' Unenrolling client from IPA server Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm. Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted SSSD service could not be stopped Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Client uninstall complete. ----- However client installation is working fine on Ubuntu 16.04 without any error. Is this problem only confined to Ubuntu 14.04 Please provide me with a solution. ** Affects: freeipa (Ubuntu) Importance: Undecided Status: New ** Description changed: -- You received this bug notification because you are a member of FreeIPA, which is subscribed to freeipa in Ubuntu. https://bugs.launchpad.net/bugs/1706872 Title: FreeIPA Client on Ubuntu 14.04 can't be enrolled to IPA Server having third party SSL Status in freeipa package in Ubuntu: New Bug description: Hello, Tried ipa-client-install on my Ubuntu server of version 14.04. My FreeIPA Server (Version 4.4) is using third party signed CA Cert. The freeipa client package on my machine is 3.3.4. Instead of getting enrolled to IPA Server, the client installation failed with the following message: ----- cert validation failed for "CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.) Cannot connect to the server due to generic error: cannot connect to 'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user. Installation failed. Rolling back changes. certmonger failed to start: [Errno 2] No such file or directory: '/var/run/ipa/services.list' certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list' Unenrolling client from IPA server Unenrolling host failed: Error getting default Kerberos realm: Configuration file does not specify default realm. Removing Kerberos service principals from /etc/krb5.keytab Disabling client Kerberos and LDAP configurations Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted SSSD service could not be stopped Restoring client configuration files nscd daemon is not installed, skip configuration nslcd daemon is not installed, skip configuration Client uninstall complete. ----- However client installation is working fine on Ubuntu 16.04 without any error. Is this problem only confined to Ubuntu 14.04 Please provide me with a solution. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1706872/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~freeipa Post to : freeipa@lists.launchpad.net Unsubscribe : https://launchpad.net/~freeipa More help : https://help.launchpad.net/ListHelp