Tezarin via FreeIPA-users wrote:
> Thank you for your prompt reply. I modified my SSH config and replaced
> the last line with:
> 
>  LocalForward 443 127.0.0.1:443
> 
> But it still doesn't work and when I try to login to the VM, I get this
> error: Privileged ports can only be forwarded by root

I'm not entirely sure why you are trying to forward ports this way but
it isn't really something that the IPA team can help with. This would be
specific to whatever environment you are trying to run in.

rob

> 
> Thanks for your help
> 
> On Thursday, February 8, 2018, 4:27:27 PM EST, Rob Crittenden via
> FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> 
> 
> Tezarin via FreeIPA-users wrote:
>> It's installed on an EC2 instance which is only accessible through
>> tunneling and proxy:
>> So I added an entry in my ~/.ssh/config file like this:
>>
>> Host ipaserver
>>         HostName [EC2 IP]
>>         ProxyCommand ssh proxy-server -W %h:%p
>>         IdentityFile ~/.ssh/id_rsa
>>         User testuser
>>         LocalForward 8443 127.0.0.1:8443
>>
>> The GUI comes up but it doesn't show much, only:
> 
> You want port 443. 8443 is the CA.
> 
> rob
> 
>>
>> Certificate System <http://pki.fedoraproject.org/>
>> Certificate System <https://127.0.0.1:8443/>
>>
>> -
>>
>> The Certificate System is an enterprise-class open source Certificate
>> Authority (CA). It is a full-featured system, and has been hardened by
>> real-world deployments. It supports all aspects of certificate lifecycle
>> management, including key archival, OCSP and smartcard management, and
>> much more.
>>
>> *Enter <https://127.0.0.1:8443/pki/ui/>*
>>
>>
>>
>> Thanks
>> On Thursday, February 8, 2018, 3:02:04 PM EST, Rob Crittenden via
>> FreeIPA-users <freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>>
>>
>> None via FreeIPA-users wrote:
>>> Hi all,
>>>
>>
>> What URL are you using?
>>
>> rob
>>
>>>
>>> I have installed FreeIPA server on CentOS 6.9 but the GUI is not
>> coming up completely. It only shows the following certificate system
>> messages. Not sure why and here are the files in the /etc/httpd/alias:
>>>
>>> lrwxrwxrwx 1 root root      24 Jan 30 14:19 libnssckbi.so ->
>> /usr/lib64/libnssckbi.so
>>> -rw-r----- 1 root apache 16384 Jan 30 14:19 secmod.db.orig
>>> -rw-r----- 1 root apache 24576 Jan 30 14:19 key3.db.orig
>>> -rw-r----- 1 root apache 65536 Jan 30 14:19 cert8.db.orig
>>> -rw------- 1 root root    5274 Jan 30 14:19 install.log
>>> -rw------- 1 root root      32 Feb  1 19:32 ipasession.key
>>> -rw------- 1 root apache    41 Feb  7 16:47 pwdfile.txt.ipasave
>>> -rw-r----- 1 root apache 16384 Feb  7 16:47 secmod.db.ipasave
>>> -rw-r----- 1 root apache 16384 Feb  7 17:09 key3.db.ipasave
>>> -rw-r----- 1 root apache 65536 Feb  7 17:09 cert8.db.ipasave
>>> -rw------- 1 root apache    41 Feb  7 17:49 pwdfile.txt
>>> -rw-r----- 1 root apache 16384 Feb  7 17:49 secmod.db
>>> -rw-r----- 1 root apache 16384 Feb  8 12:00 key3.db
>>> -rw-r----- 1 root apache 65536 Feb  8 12:00 cert8.db
>>>
>>> And here are the certs in my /root directory:
>>>
>>> -rw-------. 1 root    root    1006 Nov 16  2015 anaconda-ks.cfg
>>> -rw-r--r--  1 pkiuser pkiuser 10328 Feb  7 17:48 cacert.p12
>>> -rw-------  1 root    root    2604 Feb  7 17:48 ca-agent.p12
>>>
>>> And here is what the GUI shows:
>>>
>>>
>>> Certificate System
>>> Certificate System
>>> -
>>> The Certificate System is an enterprise-class open source Certificate
>> Authority (CA). It is a full-featured system, and has been hardened by
>> real-world deployments. It supports all aspects of certificate lifecycle
>> management, including key archival, OCSP and smartcard management, and
>> much more.
>>>
>>> Enter
>>>
>>> Any info would be much appreciated.
>>>
>>> Thank you
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
>> <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>>
>>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
>> <mailto:freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>>
>>
>>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
>> <mailto:freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>>
>> To unsubscribe send an email to
>> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> 
>> <mailto:freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>>
>>
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
>> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
>>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> <mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> 
> 
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to