#3944 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt
Closed: Fixed None Opened 10 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1011396

If you run ipa-client-install and it fails for some reason after creating
/etc/ipa/ca.crt, then it does not remove that file when it tries to clean up
after itself before quitting. This results in all subsequent runs failing to
auto-discover the server, with a rather cryptic error:

Error checking LDAP: Connect error: TLS error -8157:Certificate extension not
found.

It was just impossible to debug this without the very much appreciated help of
ab and mkosek in #freeipa. Suggestions: the 'clean up process' for failed
ipa-client-install runs should wipe that file, and perhaps (I don't know enough
to know if this makes sense) ipa-client-install should check if that file
exists if its auto-discovery process fails, and warn the user that its presence
might be the problem.
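
The two suggestions above (remove the file on failure, warn when a leftover is present), sketched as an added example that is not part of the ticket and is not FreeIPA's code. The names tracked_files, stale_ca_warning, install and demo are hypothetical, and a scratch directory stands in for /etc/ipa.

```python
import contextlib
import os
import tempfile

CA_CERT_NAME = "ca.crt"  # stands in for /etc/ipa/ca.crt; directory is a parameter


@contextlib.contextmanager
def tracked_files():
    """Yield a list; every path appended to it is removed if the block raises."""
    created = []
    try:
        yield created
    except BaseException:
        for path in reversed(created):
            with contextlib.suppress(FileNotFoundError):
                os.unlink(path)
        raise


def stale_ca_warning(conf_dir):
    """Return a warning string if a CA file from an earlier run is present."""
    path = os.path.join(conf_dir, CA_CERT_NAME)
    if os.path.exists(path):
        return f"{path} already exists; a leftover from a failed run may break discovery"
    return None


def install(conf_dir, ca_pem, fail_after_ca=False):
    """Hypothetical installer step: write the CA file, then maybe fail."""
    ca_path = os.path.join(conf_dir, CA_CERT_NAME)
    with tracked_files() as created:
        # O_EXCL: only files this run created are tracked, never a pre-existing one
        fd = os.open(ca_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        created.append(ca_path)
        with os.fdopen(fd, "wb") as f:
            f.write(ca_pem)
        if fail_after_ca:
            raise RuntimeError("simulated failure after the CA file was written")
    return ca_path


def demo():
    """Run a failing install in a scratch directory; report what is left behind."""
    with tempfile.TemporaryDirectory() as conf_dir:
        try:
            install(conf_dir, b"constructed placeholder, not a real certificate\n", True)
        except RuntimeError:
            pass
        return os.listdir(conf_dir), stale_ca_warning(conf_dir)
```
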

Added warning message if '/etc/ipa/ca.cert' exists.

Metadata Update from @mkosek:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.0 - 2013/10

7 years ago
