mohammad sereshki wrote:
hi
I get below error from "getcert list",would you please help me to solve it?

  ca-error: Server denied our request, giving up: 2100 (RPC failed at
server.  Insufficient access:
Insufficient 'write' privilege to the 'userCertificate' attribute of entry
'krbprincipalname=ldap/ipasrv.example....@example.com,cn=services,cn=accounts,dc=example,dc=com'.).

With so many threads on basically the same underlying issue it's difficult to tell what works and what doesn't work and what you've done to get past various blockers.

What have you done to get past the "Error setting up ccache for local "host" service using default keytab" issue, for example?

Generic things to do:

- ipactl status to ensure all services are running
- check /var/log/httpd/error_log for more information on the CA ACL issues. You may want to create /etc/ipa/server.conf with these contents:

[global]
debug = True

Then restart httpd and try to reproduce for more verbose output.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to