On 11/05/2014 09:20 PM, Natxo Asenjo wrote:
On Wed, Nov 5, 2014 at 7:45 PM, Natxo Asenjo <[email protected]> wrote:
And I think I found it:
https://fedorahosted.org/freeipa/ticket/3727
permissions of that folder:
$ ls -ld publish/
drwxr-xr-x. 2 root root 73728 Jun 13 2013 publish/
I just changed them to pkiuser:pkiuser, let's see what the next run does.
and it's fixed (after undoing the change in CS.cfg and re-setting
ca.crl.MasterCRL.enableCRLCache=false
ca.crl.MasterCRL.enableCRLUpdates=false
both to true and reloading pki-cad):
-rw-rw-r--. 1 pkiuser pkiuser 1807 Jun 28 2013 MasterCRL-20130628-210000.der
-rw-rw-r--. 1 pkiuser pkiuser 5278 Nov 5 21:00 MasterCRL-20141105-210000.der
lrwxrwxrwx. 1 pkiuser pkiuser 57 Nov 5 21:00 MasterCRL.bin ->
/var/lib/ipa/pki-ca/publish/MasterCRL-20141105-210000.der
phew
Good! I am glad you fixed the problem. I added this case to
http://www.freeipa.org/page/Troubleshooting#CRL_gets_very_old
I am wondering what caused the issue. In the beginning you wrote that you use
centos 6.5. However, the bug you correctly referred to was fixed in 6.5:
https://bugzilla.redhat.com/show_bug.cgi?id=975431
So I am wondering if some scenario was missed and for example the IPA updater
did not fix the folder ownership.
Thanks,
Martin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
