Hi, We have freeipa running as docker container and recently, Weub UI fails with "Login failed due to an unknown reason."
I went through the following , https://lists.fedorahosted.org/archives/list/[email protected]/thread/563G4GA6FVZNRQVBB2YHNVQSIPO73HET/ And checked below, when I run openssl x509 -text -in /var/kerberos/krb5kdc/kdc.crt sh-4.2# openssl x509 -text -in /var/kerberos/krb5kdc/kdc.crt Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) Signature Algorithm: sha256WithRSAEncryption Issuer: O=XX.COM, CN=Certificate Authority Validity Not Before: Mar 28 15:30:41 2020 GMT Not After : Mar 29 15:30:41 2022 GMT Subject: O=XXX.COM, CN=freeipa.XX.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c6:15:96:06:ec:5e:10:8d:92:a4:c4:29:11:58: eb:47:94:46:b3:e0:92:0b:e1:60:50:ce:50:1b:6a: 25:28:88:de:5b:41:c7:3c:92:cf:02:c3:0c:a5:14: 37:68:04:c0:c6:e1:1a:c4:ac:6f:8c:04:55:d5:42: 3d:3c:78:29:88:3f:a4:81:52:35:88:3f:7e:fc:80: 8a:ea:14:2a:f2:a8:49:ab:d6:32:5b:ea:35:d4:3b: 4d:14:4f:2c:5a:97:e3:a5:83:be:a6:9e:61:21:0a: e0:2a:37:f8:41:9a:a2:8c:fb:54:a2:b2:9a:9d:32: ff:8a:bb:0d:a4:05:b9:31:db:cd:9e:75:05:b3:bf: 7f:f4:d7:84:8e:2e:16:92:db:51:97:01:1e:19:58: 93:1b:9b:1c:56:a1:18:10:62:3f:8e:43:84:4f:c5: 90:3b:e9:de:2e:71:4e:32:33:52:22:1f:51:a8:7b: fa:46:88:8f:ea:d5:c7:0a:ab:9a:36:ca:ff:e4:d2: fb:04:4a:39:81:06:b1:59:fc:9b:59:d9:2d:91:9d: bc:65:c9:e0:55:37:88:ba:4d:f8:4d:68:7a:4c:70: 69:4b:3e:74:aa:d4:c2:65:20:bf:d5:37:5e:73:c6: b3:a8:4b:ca:37:8c:09:ee:cd:23:26:ed:d8:65:e0: 3b:bf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Authority Key Identifier: keyid:E2:12:D1:0E:77:B1:9B:A6:5F:96:06:9E:C1:4F:9D:C1:6A:1C:5C:0C Authority Information Access: OCSP - URI:http://ipa-ca.XX.com/ca/ocsp X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, 1.3.6.1.5.2.3.5 X509v3 CRL Distribution Points: Full Name: URI:http://ipa-ca.XX.com/ipa/crl/MasterCRL.bin CRL Issuer: DirName: O = ipaca, CN = Certificate Authority X509v3 Subject Key Identifier: 6B:84:45:F0:3F:20:AA:C9:6A:FE:08:33:A7:4F:4D:F5:07:95:18:31 X509v3 Subject Alternative Name: othername:<unsupported>, othername:<unsupported> Signature Algorithm: sha256WithRSAEncryption 08:97:ce:4f:cf:25:c3:8b:3b:c5:70:b3:1e:57:2d:49:2a:70: 18:cf:7a:93:01:6a:26:0b:7b:7e:42:0d:8e:77:01:20:cd:41: 50:9d:03:0d:8b:ad:52:1c:e0:c0:56:3e:2a:de:3c:b4:c5:49: 63:11:8e:10:04:1a:d9:9a:3d:59:2c:7f:f2:7f:88:37:82:15: aa:b7:c0:cc:83:a0:98:22:6f:e8:f9:8e:95:5f:d8:0f:65:ba: 96:cb:cc:22:ab:fe:e2:54:b5:f3:35:f8:39:4e:3e:7d:55:77: 4a:79:9e:0e:c0:1c:26:b1:b4:05:a1:92:0c:9c:4c:b8:46:73: a4:b2:07:ff:6c:20:c7:e8:cb:44:66:78:e3:68:a5:74:0d:33: d3:93:5c:dc:df:46:c9:d7:18:09:a9:8b:d2:02:b2:34:f6:ac: 2f:10:19:d1:c8:35:d8:4e:94:5a:5f:ac:b3:27:3c:ba:3f:06: 9c:64:6a:24:72:75:c1:8e:f4:6a:4a:1f:a6:31:93:74:36:78: 99:89:d0:34:5f:2b:f2:ab:90:5f:ce:46:8e:cf:6a:19:66:31: df:57:2f:d5:98:b1:f7:69:a7:a3:f2:9f:80:77:56:d1:ff:22: ef:80:25:d0:fd:5f:6a:a6:74:df:4c:3a:99:62:b6:40:64:d5: 0e:d4:c9:c0 -----BEGIN CERTIFICATE----- MIIE3jCCA8agAwIBAgIBCjANBgkqhkiG9w0BAQsFADA/MR0wGwYDVQQKDBRESUNF REFUQVBMQVRGT1JNLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MB4XDTIwMDMyODE1MzA0MVoXDTIyMDMyOTE1MzA0MVowRjEdMBsGA1UECgwURElD RURBVEFQTEFURk9STS5DT00xJTAjBgNVBAMMHGZyZWVpcGEuZGljZWRhdGFwbGF0 Zm9ybS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGFZYG7F4Q jZKkxCkRWOtHlEaz4JIL4WBQzlAbaiUoiN5bQcc8ks8CwwylFDdoBMDG4RrErG+M BFXVQj08eCmIP6SBUjWIP378gIrqFCryqEmr1jJb6jXUO00UTyxal+Olg76mnmEh CuAqN/hBmqKM+1SispqdMv+Kuw2kBbkx282edQWzv3/014SOLhaS21GXAR4ZWJMb mxxWoRgQYj+OQ4RPxZA76d4ucU4yM1IiH1Goe/pGiI/q1ccKq5o2yv/k0vsESjmB BrFZ/JtZ2S2RnbxlyeBVN4i6TfhNaHpMcGlLPnSq1MJlIL/VN15zxrOoS8o3jAnu zSMm7dhl4Du/AgMBAAGjggHcMIIB2DAfBgNVHSMEGDAWgBTiEtEOd7Gbpl+WBp7B T53BahxcDDBGBggrBgEFBQcBAQQ6MDgwNgYIKwYBBQUHMAGGKmh0dHA6Ly9pcGEt Y2EuZGljZWRhdGFwbGF0Zm9ybS5jb20vY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAw HAYDVR0lBBUwEwYIKwYBBQUHAwEGBysGAQUCAwUwfwYDVR0fBHgwdjB0oDygOoY4 aHR0cDovL2lwYS1jYS5kaWNlZGF0YXBsYXRmb3JtLmNvbS9pcGEvY3JsL01hc3Rl ckNSTC5iaW6iNKQyMDAxDjAMBgNVBAoMBWlwYWNhMR4wHAYDVQQDDBVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkwHQYDVR0OBBYEFGuERfA/IKrJav4IM6dPTfUHlRgxMIGe BgNVHREEgZYwgZOgQAYKKwYBBAGCNxQCA6AyDDBrcmJ0Z3QvRElDRURBVEFQTEFU Rk9STS5DT01ARElDRURBVEFQTEFURk9STS5DT02gTwYGKwYBBQICoEUwQ6AWGxRE SUNFREFUQVBMQVRGT1JNLkNPTaEpMCegAwIBAaEgMB4bBmtyYnRndBsURElDRURB VEFQTEFURk9STS5DT00wDQYJKoZIhvcNAQELBQADggEBAAiXzk/PJcOLO8Vwsx5X LUkqcBjPepMBaiYLe35CDY53ASDNQVCdAw2LrVIc4MBWPirePLTFSWMRjhAEGtma PVksf/J/iDeCFaq3wMyDoJgib+j5jpVf2A9lupbLzCKr/uJUtfM1+DlOPn1Vd0p5 ng7AHCaxtAWhkgycTLhGc6SyB/9sIMfoy0RmeONopXQNM9OTXNzfRsnXGAmpi9IC sjT2rC8QGdHINdhOlFpfrLMnPLo/BpxkaiRydcGO9GpKH6Yxk3Q2eJmJ0DRfK/Kr kF/ORo7PahlmMd9XL9WYsfdpp6Pyn4B3VtH/Iu+AJdD9X2qmdN9MOplitkBk1Q7U ycA= -----END CERTIFICATE----- And, sh-4.2# ls -l /var/lib/ipa-client/pki/kdc-ca-bundle.pem -rw-r--r--. 1 root root 1326 Mar 28 2020 /var/lib/ipa-client/pki/kdc-ca-bundle.pem Could you please help?
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
