My apologies. It escaped my attention that you are running the agent as an unprivileged user instead of via a system account. This is unusual, because the capabilities of the agent are limited to those of the user running it, so running it as an unprivileged user means that many of the resources one might normally want the agent to manage cannot, in fact, be managed. It is more typical to run the agent as a system service, or to have the system's scheduler (e.g. cron) run it with privilege, so as to be able to manage everything.
Nevertheless, the problem is along the same lines I already described. The system does not share its Puppet credentials with ordinary users, and they don't share theirs with each other. Each of them, on each machine, on each OS, needs to be identified by a distinct certname.
If supporting multiple individual users running the agent as themselves is in fact what you want, then the solution is along the same lines as I already described. Ordinary users will use Puppet configuration recorded in their own space, under .puppetlabs/etc/puppet. You can form unique certnames by also adding the username, so, for example,
/home/xiru/.puppetlabs/etc/puppet/puppet.conf:
[main]
certname = lab1-machine1.mycompany.intra-linux-xiru
[agent]
server = puppet.mycompany.intra
Note well that this configuration is under the control of your users, so you would be wise to exercise careful oversight and control of certificate signing.
Again, however, this seems very unusual. Unprivileged end users more typically rely on 'puppet apply' to apply local manifests under their own control to manage resources within their own limited sphere of influence. This does not involve interacting with a master, and does not require cryptographic certificates at all.
John