(Not sure if this message went through initially, this is a resend.)
I'm trying to add a freeIPA client on a Ubuntu 14.04.02 Version and it's
failing. Here is somebackground information. We lost (RIP) our main IPA
server ipa.mydomain.com a while ago, but we were able to fail over to a replica
called ipa2. Since then we've built a redundant ipa3.mydomain.com replica.
Since then all the systems that were there previously work fine. But adding
new IPA hosts fail.
The main error below (I believe) is:
Joining realm failed: libcurl failed to execute the HTTP POST transaction,
explaining: SSL: certificate subject name 'ipa2.mydomain.com' does not match
target host name 'ipa.mydomain.com'
Any idea how to fix?
Thanks in advance!
root@myhost:~# ipa-client-install -N --hostname myhost.mydomain.com
--mkhomedirDNS domain 'COM' is not configured for automatic KDC address
lookup.KDC address will be set to fixed value.Discovery was
successful!Hostname: myhost.mydomain.comRealm: COMDNS Domain: mydomain.comIPA
Server: ipa.mydomain.comBaseDN: dc=COM
Continue to configure the system with these values? [no]: yesUser authorized to
enroll computers: adminSynchronizing time with KDC...Unable to sync time with
IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is
opened.Password for admin@COM: Unable to download CA cert from LDAP.Do you want
to download the CA cert from http://ipa.mydomain.com/ipa/config/ca.crt?(this is
INSECURE) [no]: yesDownloading the CA certificate via HTTP, this is
INSECURESuccessfully retrieved CA cert Subject: CN=Certificate
Authority,O=COM Issuer: CN=Certificate Authority,O=COM Valid From:
Thu Apr 04 23:20:27 2013 UTC Valid Until: Mon Apr 04 23:20:27 2033 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction,
explaining: SSL: certificate subject name 'ipa2.mydomain.com' does not match
target host name 'ipa.mydomain.com'
Installation failed. Rolling back changes.certmonger failed to start: Command
'/usr/sbin/service certmonger start ' returned non-zero exit status 1certmonger
failed to stop: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'Disabling client Kerberos and LDAP
configurationsRedundant SSSD configuration file /etc/sssd/sssd.conf was moved
to /etc/sssd/sssd.conf.deletedSSSD service could not be stoppedRestoring client
configuration filesnscd daemon is not installed, skip configurationnslcd daemon
is not installed, skip configuration/etc/ipa/default.conf could not be removed:
[Errno 2] No such file or directory: '/etc/ipa/default.conf'Please remove
/etc/ipa/default.conf manually, as it can cause subsequent installation to
fail.Client uninstall complete.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
