Install client fails in Ubuntu 22.04
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
freeipa (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Hello there!
Ubuntu 18.04 (and previous ones) works just fine, but in Ubuntu 22.04 (fresh vm install and apt update) I'm trying to execute ipa-client-install but it fails like this:
root@fisica75:~# ipa-client-install
This program will set up IPA client.
Version 4.9.8
WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd
Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: fisica75.
Realm: FISICA.CABIB
DNS Domain: fisica.cabib
IPA Server: ipaserver.
BaseDN: dc=fisica,dc=cabib
Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: tavo
Password for <email address hidden>:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,
Issuer: CN=Certificate Authority,
Valid From: 2014-01-14 12:56:57
Valid Until: 2034-01-14 12:56:57
Enrolled in IPA realm FISICA.CABIB
Created /etc/ipa/
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm FISICA.CABIB
cannot connect to 'https:/
The ipa-client-install command failed. See /var/log/
root@fisica75:~#
There is no Hostname mismatch for the server certificate. It has been working just fine for years with multiple distros as clients. I can access the website with the same URL and cert is just fine.
Any ideas?
Thanks!
lsb_release -rd
Description: Ubuntu 22.04 LTS
Release: 22.04
apt-cache policy freeipa-client
freeipa-client:
Instalados: 4.9.8-1
Candidato: 4.9.8-1
Tabla de versión:
*** 4.9.8-1 500
500 http://
100 /var/lib/
[solved]
Freeipa server certificate was missing DNS SAN
ipa-client-install worked just fine after installing a new certificate with DNS SAN at the freeipa server