12 August 2015

FreeIPA server client reinstallation failed

I installed FreeIPA for central user management on Linux RHEL 6.5. Other servers were connected to it as clients and were doing user authentication and authorization correctly.

For some reason, I decided to uninstall the server and reinstall it.

However, after the server reinstallation I couldn't add other servers as clients to FreeIPA; enrollment failed with the following error:

# ipa-client-install --domain=example.eu --server=vm1.example.eu --realm=EXAMPLE.EU -p admin  --password=123 --mkhomedir --hostname=vm1.example.eu

LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
LDAP Error: Connect error: TLS error -8054:You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.
Failed to verify that ipaserver.example.eu is an IPA Server.
This may mean that the remote server is not up or is not reachable due to network or firewall settings.
Please make sure the following ports are opened in the firewall settings:
     TCP: 80, 88, 389
     UDP: 88 (at least one of TCP/UDP ports 88 has to be open)
Also note that following ports are necessary for ipa-client working properly after enrollment:
     TCP: 464
     UDP: 464, 123 (if NTP enabled)
Installation failed. Rolling back changes.
IPA client is not configured on this system.


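The reason is that the certificate from the previous installation still exists on the client: it was not purged by the "ipa-client-install --uninstall" command, so it clashes with the reinstalled server's certificate, which has the same issuer and serial number but is not the same certificate.


The solution is to delete the previous certificate manually; reinstallation of the client will go smoothly afterward: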

# rm /etc/ipa/ca.crt
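
Before removing the file, it is worth confirming that the cached certificate really is a leftover from the old CA. The following is an added example, not part of the original post: it compares the cached certificate with a reference copy of the reinstalled server's CA certificate and moves a stale one aside instead of deleting it. The function names and the reference file are assumptions; the reference copy should be taken from the server over a trusted channel.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# ipa_ca_state CACHED_PEM REFERENCE_PEM
#   prints: same      - identical certificate, nothing to clean up
#           stale     - same issuer and serial, different certificate
#                       (the condition behind TLS error -8054)
#           different - unrelated certificate, investigate before touching it
ipa_ca_state() {
    cached=$1; reference=$2
    for f in "$cached" "$reference"; do
        openssl x509 -in "$f" -noout 2>/dev/null ||
            { echo "unreadable certificate: $f" >&2; return 2; }
    done
    id_cached=$(openssl x509 -in "$cached" -noout -issuer -serial)
    id_ref=$(openssl x509 -in "$reference" -noout -issuer -serial)
    fp_cached=$(openssl x509 -in "$cached" -noout -fingerprint -sha256)
    fp_ref=$(openssl x509 -in "$reference" -noout -fingerprint -sha256)
    if [ "$fp_cached" = "$fp_ref" ]; then
        echo same
    elif [ "$id_cached" = "$id_ref" ]; then
        echo stale
    else
        echo different
    fi
}

# ipa_ca_quarantine CACHED_PEM REFERENCE_PEM
#   Renames the cached certificate only when it is stale, so the old CA
#   certificate stays available for later inspection.
ipa_ca_quarantine() {
    cached=$1; reference=$2
    state=$(ipa_ca_state "$cached" "$reference") || return 2
    if [ "$state" != stale ]; then
        echo "not stale ($state), leaving $cached in place" >&2
        return 1
    fi
    mv -- "$cached" "$cached.stale.$(date +%Y%m%d%H%M%S)"
}

# Run as a script: ./check.sh /etc/ipa/ca.crt /path/to/reference-ca.crt
if [ "$#" -eq 2 ]; then
    ipa_ca_state "$1" "$2"
fi
```

A result of "different" means the cached file does not belong to a CA with the same issuer and serial, so the enrollment failure has another cause.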




