Server died
by Bret Wortman
I've got a server with multiple replication agreements that just went
toes up. The tail end of the startup output says:
Aug 01 14:21:22 zsipa systemd[1]: dirsrv(a)DG-NET.service: main process
exited, code=exited, status=1/FAILURE
Aug 01 14:21:22 zsipa systemd[1]:
Aug 01 14:21:22 zsipa systemd[1]:
--
*Bret Wortman*
Damascus Products
ph/fax: 1-855-644-2783
Wrap Buddies <wrapbuddies.co/store> now available for preorder!
6 years, 8 months
Errors in enrolling Ubuntu 14.04 Client to FreeIPA
by Alka Murali
I Cannot enrol and do the ipa-client-install on Ubuntu 14.04 to IPA
Server (4.4). My IPA Server is having third party certificates for
HTTP/LDAP. I have installed it using the suggestions in
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
Other version of Ubuntu like 16.04 is enrolled fine.
Here is the error message that I get during the installation
----
cert validation failed for
"CN=*.*.*,O=*.*,((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate
issuer has been marked as not trusted by the user.)
Cannot connect to the server due to generic error: cannot connect to
'https://*.*.*.*/ipa/xml': [Errno -8172] (SEC_ERROR_UNTRUSTED_ISSUER)
Peer's certificate issuer has been marked as not trusted by the user.
Installation failed. Rolling back changes.
certmonger failed to start: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
certmonger failed to stop: [Errno 2] No such file or directory:
'/var/run/ipa/services.list'
Unenrolling client from IPA server
Unenrolling host failed: Error getting default Kerberos realm:
Configuration file does not specify default realm.
Removing Kerberos service principals from /etc/krb5.keytab
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to
/etc/sssd/sssd.conf.deleted
SSSD service could not be stopped
Restoring client configuration files
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
-----
Is it due to my third part cert? If so, please provide a suggestion so
that I can enrol my Ubuntu Client to my IPA Server.
I am attaching the logs for your reference.
6 years, 9 months