hi, In a test network I followed the procedure especified in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/migrating-ipa-proc.html to migrate from a centos 6.7 ipa server to a new centos 7 ipa server.
Everything went fine, I shutdown the centos 6.7 host and i can kinit to the test realm like before with everything being handled by the centos 7.1 ipa server. Unfortunately, firefox is not loading the web ui with the message: An error occurred during a connection to kdc2.unix.domain.tld. The OCSP server experienced an internal error. (Error code: sec_error_ocsp_server_error) Chrome works fine, it does not query the ocsp responder apparently. If I turn off the ocsp queries in firefox, everything works. So how can I troubleshoot this? I have turned off the firewall in the centos 7.1 hosts, selinux is permissive. -- Groeten, natxo
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project