Hi, On Thu, May 2, 2024 at 5:12 PM Damola Azeez via FreeIPA-users < [email protected]> wrote:
> Hello All, > > I attempted to login to the freeipa Gui to administer a user and i found > out i wasn't able to login with any of the freeipa users. checking further, > i saw that the certificate expired and didn't renew. > > Apache error shows > > [Thu May 02 15:10:01.823493 2024] [wsgi:error] [pid 4772:tid > 140528850261760] [remote 192.168.101.177:49818] > ipapython.ipautil.CalledProcessError: CalledProcessError(Command > ['/usr/bin/kinit', '-n', '-c', '/run/ipa/ccaches/armor_4772', '-X', > 'X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt', '-X', > 'X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem'] returned > non-zero exit status 1: 'kinit: Preauthentication failed while getting > initial credentials\\n') > > > while the certmonger status shows > > Error obtaining initial credentials: Preauthentication failed. > Error setting up ccache for "host" service on client using default keytab: > Preauthentication failed > > some other errors I'm seeing are > ipa: INFO: Connection to https://x.x.x/ipa/json failed with [SSL: > CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897) > > > My setup is oracle linux 8.5 with Freeipa version 4.9.6, API_VERSION: > 2.245 > You can use the tool ipa-cert-fix to repair expired certificates. More info in the guide: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/managing_certificates_in_idm/renewing-expired-system-certificates-when-idm-is-offline_working-with-idm-certificates flo > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
