My NetApp filer is happily doing LDAP over SSL lookups for account information to my RHEL 6.7 testing IPA server (ipa-server-3.0.0-47.el6_7.1.x86_64).

However, when I switch the filer to use my RHEL 7.2 IPA server (ipa-server-4.2.0-15.el7_2.3.x86_64) the lookup doesn't work.

In the dirsrv log file I see entries like this:

[28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection from xxx.xxx.xxx.xxx to yyy.yyy.yy.yyy
[28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot communicate securely with peer: no common encryption algorithm(s).

(xxx.xxx.xxx.xxx is the filer IP address and yyy.yyy.yyy.yyy is the IPA server IP address).

Looking in the LDAP directory for fields with cipher in the name shows a very different set of nssslenabledciphers between the two ipa-server versions.

I wonder if this might be the issue?

Can the LDAP server tell me what ciphers it's being requested to use by the filer?


Roderick Johnstone
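
The log pair quoted above can be correlated across a whole access log to see which clients hit the cipher mismatch. This is an added example, not part of the original post: it joins the "SSL connection from" line to the "closed - Cannot communicate securely with peer" line by conn number. The sample log is constructed, with documentation-range addresses and an assumed successful BIND line for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the access-log format quoted in the post;
# addresses are documentation-range placeholders, not real hosts.
SAMPLE_LOG = """\
[28/Jan/2016:09:17:45 +0000] conn=1338 fd=112 slot=112 SSL connection from 192.0.2.10 to 192.0.2.1
[28/Jan/2016:09:17:45 +0000] conn=1338 op=-1 fd=112 closed - Cannot communicate securely with peer: no common encryption algorithm(s).
[28/Jan/2016:09:18:02 +0000] conn=1339 fd=113 slot=113 SSL connection from 192.0.2.20 to 192.0.2.1
[28/Jan/2016:09:18:02 +0000] conn=1339 op=0 BIND dn="" method=128 version=3
[28/Jan/2016:09:18:30 +0000] conn=1340 fd=112 slot=112 SSL connection from 192.0.2.10 to 192.0.2.1
[28/Jan/2016:09:18:30 +0000] conn=1340 op=-1 fd=112 closed - Cannot communicate securely with peer: no common encryption algorithm(s).
"""

# Connection-open line: remember which client owns each conn number.
OPEN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) .*SSL connection from (?P<src>\S+) to (?P<dst>\S+)")
# Handshake failure line: op=-1 close with the "no common encryption algorithm" reason.
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=-1 .*closed - "
    r"Cannot communicate securely with peer: no common encryption algorithm")

def cipher_mismatch_clients(log_text):
    """Return {client_ip: [(conn_id, timestamp), ...]} for TLS handshakes
    the server closed because no cipher suite was shared with the client."""
    peers = {}                    # conn number -> client address
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = OPEN_RE.match(line)
        if m:
            peers[m["conn"]] = m["src"]
            continue
        m = FAIL_RE.match(line)
        if m:
            # After log rotation the open line may be missing; report "unknown".
            src = peers.pop(m["conn"], "unknown")
            failures[src].append((int(m["conn"]), m["ts"]))
    return dict(failures)

if __name__ == "__main__":
    for client, events in cipher_mismatch_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(events)} failed handshake(s), conns {[c for c, _ in events]}")
```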
