Andrea Bontempi wrote:

I have a strange error on one FreeIPA client (on my other client doesn't occur) 
when i try to call the FreeIPA admin tools (example: ipa ping)

On the CLI the error prints:

ipa: ERROR: cannot connect to u'https://myipaserver/ipa/xml': [Errno -8015] 
error (-8015) unknown

The client working perfectly in the FreeIPA network, it's only a problem of CLI 

I try to connect through the python API, and i obtain this traceback:

Traceback (most recent call last):
  File "<input>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/ipalib/", line 435, in __cal
    ret =*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/", line 748, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/", line 769, in forwa
    return self.Backend.xmlclient.forward(, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/", line 743, in forward
    raise NetworkError(uri=server, error=str(e))
NetworkError: cannot connect to u'https://myipaserver/ipa/xml': [
Errno -8015] error (-8015) unknown

On the line 743 we found:

except NSPRError, e:
    raise NetworkError(uri=server, error=str(e))

Can someone help me?

That error is SEC_ERROR_LEGACY_DATABASE which is less scary than it sounds. It seems that NSS throws that when it doesn't know how to open its database.

Check for the existence of /etc/pki/nssdb/*.db and make sure it is world readable. The IPA CA should exist in it too:

# certutil -L -d /etc/pki/nssdb


Freeipa-users mailing list

Reply via email to