Good afternoon. We currently have FreeIPA v4.6.8 running on CentOS7. We have tried many of the solutions posted on this mailer however none have helped us bring the environment back online. Our current situation is as follows:
- We have a single master / single CA with a total of 4 FreeIPA (2 in each site) servers in production. - Replication is not working between the master and secondaries. - The FreeIPA admin account password is working and we are able to kinit as admin - We can bring the IPA services online by rolling the clock back to before the HTTP cert expired, however the CA refuses to sign any of our cert requests -- giving a Kerberos authentication error when CURL'd - We are able to login to the HTTP interface with the services up and date rolled back, however we are unable to issue a new cert, we receive a 500 error in reaching the CA Happy to provide any other requested info but we've been troubleshooting this for 3 days straight and we're coming up empty on every avenue. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
