Hi Florence, thanks for the support report the status of FreeIPA:
[root@adv ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING ntpd Service: RUNNING pki-tomcatd Service: STOPPED ipa-otpd Service: STOPPED ipa: INFO: The ipactl command was successful pki-tomcatd and ipa otpd seem to be stopped. On Wed, 23 Feb 2022 at 10:00, Florence Blanc-Renaud <[email protected]> wrote: > Hi, > are all the IPA services up and running on the replica (the kinit error > suggests that either krb5.conf is badly configured or the kerberos server > isn't running on the replica)? > Please report the output of "ipactl status". > > flo > > On Wed, Feb 23, 2022 at 9:05 AM Alessandro Minonzio via FreeIPA-users < > [email protected]> wrote: > >> Hi, >> >> I report this issue about FreeIPA server: >> >> >> ------------------------------------------------------------------------------------------------------------------ >> >> Request for enhancement >> >> A strange error is occurring when I try to access my FreeIPA. >> Issue >> >> The problem occurs when I try to access the FreeIPA portal. >> >> "The message occurs saying IPA Error 4301: CertificateOperationError" >> "Certificate operation cannot be completed: Unable to communicate with >> CMS (500)" >> >> in Certificate Authority appear: >> >> "cannot connect to 'https://xyz.xxxxxhq.it:443/ca/rest/account/login': >> <https://xyz.xxxxxhq.it/ca/rest/account/login':> [SSL: >> SSL_HANDSHAKE_FAILURE] ssl handshake failure (_ssl.c:1826)" >> >> and if I try to connect with KINIT ADMIN command on the console appear >> this error: >> >> "kinit: Cannot contact any KDC for realm 'SUBITOHQ.IT' while getting >> initial credentials" >> Actual behavior >> >> Serverweb and console with kinit admin doesn't work. LDAPADMIN tool too. >> Version/Release/Distribution >> >> package freeipa-server is not installed >> package freeipa-client is not installed >> ipa-server-4.6.5-11.el7.centos.3.x86_64 >> ipa-client-4.6.5-11.el7.centos.3.x86_64 >> 389-ds-base-1.3.9.1-12.el7_7.x86_64 >> pki-ca-10.5.16-5.el7_7.noarch >> krb5-server-1.15.1-37.el7_7.2.x86_64 >> Additional info: >> >> maybe it's a problem with CA but how is the process to solve that issue? >> The fact is that this behavior it's on a replica FreeIPA server with CA and >> DOMAIN. There is a resolution or a command to solve that? >> >> >> ------------------------------------------------------------------------------------------------------------------ >> >> could you help me please? >> >> Best regards, >> >> AM >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> Do not reply to spam on the list, report it: >> https://pagure.io/fedora-infrastructure >> >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
