On 2014-08-28 10:58, Nicklas Björk wrote:
> 2014-08-27T14:45:19Z DEBUG stderr=pkispawn    : WARNING  ....... unable
> to validate security domain user/password through REST interface.
> Interface not available

Digging a bit further I found the following in
/var/lib/pki-ca/logs/debug on the FreeIPA master. All lines share the
common prefix [09/Sep/2014:14:30:27][TP-Processor6].

CMSServlet:service() uri = /ca/agent/ca/updateDomainXML
CMSServlet::service() param name='name' value='"/var/lib/pki/pki-tomcat"'
CMSServlet::service() param name='ncsport' value='8443'
CMSServlet::service() param name='sport' value='None'
CMSServlet::service() param name='operation' value='remove'
CMSServlet::service() param name='adminsport' value='8443'
CMSServlet::service() param name='list' value='caList'
CMSServlet::service() param name='type' value='CA'
CMSServlet::service() param name='agentsport' value='8443'
CMSServlet::service() param name='host' value='replica.example.net'
CMSServlet: caUpdateDomainXML start to service.
UpdateDomainXML: processing...
UpdateDomainXML process: authentication starts
AuthMgrName: certUserDBAuthMgr
CMSServlet: retrieving SSL certificate
CMSServlet: certUID=CN=CA Subsystem,O=EXAMPLE.NET
CertUserDBAuth: started
CertUserDBAuth: Retrieving client certificate
CertUserDBAuth: Got client certificate
Authentication: client certificate found
In LdapBoundConnFactory::getConn()
masterConn is connected: true
getConn: conn is connected true
getConn: mNumConns now 2
returnConn: mNumConns now 3
SignedAuditEventFactory: create()
Subsystem,O=EXAMPLE.NET] authentication failure

CMSServlet: curDate=Tue Sep 09 14:30:27 CEST 2014 id=caUpdateDomainXML

What kind of authentication is it complaining about, and is it possible
to repair it?


Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to