[Freeipa-users] adding freeipa client fails

John Williams john.1209 at yahoo.com
Thu Jul 9 19:14:46 UTC 2015


I'm trying to add a freeIPA client on an Ubuntu 14.04.02 Version and it's failing. Here is some background information. We lost (RIP) our main IPA server ipa.mydomain.com a while ago, but we were able to fail over to a replica called ipa2. Since then we've built a redundant ipa3.mydomain.com replica. Since then all the systems that were there previously work fine. But adding new IPA hosts fails.
The main error below (I believe) is:
Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining:  SSL: certificate subject name 'ipa2.mydomain.com' does not match target host name 'ipa.mydomain.com'
Any idea how to fix?
Thanks in advance!

root@myhost:~# ipa-client-install -N --hostname myhost.mydomain.com --mkhomedir
DNS domain 'COM' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.
Discovery was successful!
Hostname: myhost.mydomain.com
Realm: COM
DNS Domain: mydomain.com
IPA Server: ipa.mydomain.com
BaseDN: dc=COM
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Password for admin@COM:
Unable to download CA cert from LDAP.
Do you want to download the CA cert from http://ipa.mydomain.com/ipa/config/ca.crt?
(this is INSECURE) [no]: yes
Downloading the CA certificate via HTTP, this is INSECURE
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=COM
    Issuer:      CN=Certificate Authority,O=COM
    Valid From:  Thu Apr 04 23:20:27 2013 UTC
    Valid Until: Mon Apr 04 23:20:27 2033 UTC
Joining realm failed: libcurl failed to execute the HTTP POST transaction, explaining:  SSL: certificate subject name 'ipa2.mydomain.com' does not match target host name 'ipa.mydomain.com'
Installation failed. Rolling back changes.
certmonger failed to start: Command '/usr/sbin/service certmonger start ' returned non-zero exit status 1
certmonger failed to stop: [Errno 2] No such file or directory: '/var/run/ipa/services.list'
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
SSSD service could not be stopped
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
/etc/ipa/default.conf could not be removed: [Errno 2] No such file or directory: '/etc/ipa/default.conf'
Please remove /etc/ipa/default.conf manually, as it can cause subsequent installation to fail.
Client uninstall complete.