Hi Sam,
On pe, 17 joulu 2021, Sam Morris wrote:
On Fri, 2021-12-17 at 06:59 +0200, Alexander Bokovoy wrote:
On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
> > The CA has its own upgrade code which runs unconditionally and I think
> > that's how both secret and requiredSecret got
On Fri, 2021-12-17 at 06:59 +0200, Alexander Bokovoy wrote:
> On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
> > > The CA has its own upgrade code which runs unconditionally and I think
> > > that's how both secret and requiredSecret got added to server.xml. I
> > > wasn't able to
On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
The CA has its own upgrade code which runs unconditionally and I think
that's how both secret and requiredSecret got added to server.xml. I
wasn't able to duplicate the 403 though, it always just worked for me.
Perhaps it has to go
> The CA has its own upgrade code which runs unconditionally and I think
> that's how both secret and requiredSecret got added to server.xml. I
> wasn't able to duplicate the 403 though, it always just worked for me.
> Perhaps it has to go through more than one upgrade cycle. I did my
> testing on
Hi,
> I can confirm that I ran in this issue on CentOS Stream 8 and this solution
> works.
Same here. I spent a day searching for the cause. I was misled by this Red Hat
article: https://access.redhat.com/solutions/4796941 which mentions the same
error message, so I spent most of my day
Hi Antonie,
I've checked requiredSecret and secret values in the files you indicated.
They are matching. My installations are fresh, I didn't upgrade from
previous versions. I'm going to backup nssdb and reinitialize it, maybe it
works. Regards,
Antoine Gatineau via FreeIPA-users ,
17 Eki 2021
On Fri, 2021-09-17 at 12:35 +, pp via FreeIPA-users wrote:
> Could you check if your "requiredSecret" value matches the "secret" in
> "/etc/pki/pki-tomcat/server.xml"?
> I had two lines where they were different and the value has to match the
> secret in
Dirk Silkenbäumer via FreeIPA-users wrote:
>> I filed https://bugzilla.redhat.com/show_bug.cgi?id=2006070 against
>> pki-core.
>
> latest update with:
> ipa-server.x86_64 4.9.6-6.module_el8.5.0
> pki-server.noarch 10.11.2-2.module_el8.5.0
>
> has the same issue
The BZ is still in NEW state. It
> I filed https://bugzilla.redhat.com/show_bug.cgi?id=2006070 against
> pki-core.
latest update with:
ipa-server.x86_64 4.9.6-6.module_el8.5.0
pki-server.noarch 10.11.2-2.module_el8.5.0
has the same issue
Best Dirk
___
FreeIPA-users mailing list --
Thank you. Just to clarify I currently have both "secret" and "requiredSecret"
set. Originally "requiredSecret" did not match the ipa secret while "secret"
did. I changed "requiredSecret" to also match to fix my issue.
___
FreeIPA-users mailing list --
pp via FreeIPA-users wrote:
>> The strange thing is this upgrade code has been in IPA since 4.9.0 so
>> its unclear why it decided to break now, and in the way it did.
>>
>> It should only change the attribute from requiredSecret to secret if
>> "tomcat version" reports a version >= 9.0.31.0.
>
> The strange thing is this upgrade code has been in IPA since 4.9.0 so
> its unclear why it decided to break now, and in the way it did.
>
> It should only change the attribute from requiredSecret to secret if
> "tomcat version" reports a version >= 9.0.31.0.
Yes, I noticed the python function
lejeczek via FreeIPA-users wrote:
>
>
> On 17/09/2021 13:35, pp via FreeIPA-users wrote:
>> Could you check if your "requiredSecret" value matches the "secret" in
>> "/etc/pki/pki-tomcat/server.xml"?
>> I had two lines where they were different and the value has to match
>> the secret in
On Fri, Sep 17, 2021 at 9:35 PM lejeczek via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> [...]
> ps. with applied fix, thought origianal error(s) is gone I
> still get:
> -> $ ipa-healthcheck
> Internal error testing KRA clone. KRA clone problem
> detected Host:
On 17/09/2021 13:35, pp via FreeIPA-users wrote:
Could you check if your "requiredSecret" value matches the "secret" in
"/etc/pki/pki-tomcat/server.xml"?
I had two lines where they were different and the value has to match the secret in
"/etc/httpd/conf.d/ipa-pki-proxy.conf". Once they all
On 17/09/2021 16:28, Rob Crittenden via FreeIPA-users wrote:
Dirk Silkenbäumer via FreeIPA-users wrote:
According to a different thread "tomcat pre-9.0.31.0 uses 'requiredSecret'
and afterward uses 'secret'."
https://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes
I am
Dirk Silkenbäumer via FreeIPA-users wrote:
>> According to a different thread "tomcat pre-9.0.31.0 uses 'requiredSecret'
>> and afterward uses 'secret'."
> https://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes
>
>> I am running my FreeIPA server on CentOS 8 Stream which uses
> According to a different thread "tomcat pre-9.0.31.0 uses 'requiredSecret'
> and afterward uses 'secret'."
https://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_noteable_changes
> I am running my FreeIPA server on CentOS 8 Stream which uses tomcat 9.0.30.
> My uninformed
> guess is the last
Could you check if your "requiredSecret" value matches the "secret" in
"/etc/pki/pki-tomcat/server.xml"?
I had two lines where they were different and the value has to match the secret
in "/etc/httpd/conf.d/ipa-pki-proxy.conf". Once they all matched I restarted
pki-tomcatd@pki-tomcat.service
lejeczek via FreeIPA-users wrote:
>
>
> On 14/09/2021 20:00, Rob Crittenden wrote:
>> lejeczek via FreeIPA-users wrote:
>>>
>>> On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
On 14/09/2021 14:13, Rob Crittenden wrote:
> lejeczek via FreeIPA-users wrote:
>> Hi guys.
On 14/09/2021 20:00, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
On 14/09/2021 14:13, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR:
lejeczek via FreeIPA-users wrote:
>
>
> On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
>>
>>
>> On 14/09/2021 14:13, Rob Crittenden wrote:
>>> lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR:
On 14/09/2021 15:11, lejeczek via FreeIPA-users wrote:
On 14/09/2021 14:13, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate operation cannot be completed:
Unable to
communicate with CMS (403)
->
On 14/09/2021 14:13, Rob Crittenden wrote:
lejeczek via FreeIPA-users wrote:
Hi guys.
I get:
-> $ ipa host-del c8kubernode1.private.lot
ipa: ERROR: Certificate operation cannot be completed: Unable to
communicate with CMS (403)
-> $ ipa cert-show 1
ipa: ERROR: Certificate operation cannot
lejeczek via FreeIPA-users wrote:
> Hi guys.
>
> I get:
>
> -> $ ipa host-del c8kubernode1.private.lot
> ipa: ERROR: Certificate operation cannot be completed: Unable to
> communicate with CMS (403)
>
> -> $ ipa cert-show 1
> ipa: ERROR: Certificate operation cannot be completed: Request failed
That was it. They opened up 8080 and its working as expected. Thank you!
On Wed, Jun 7, 2017 at 12:17 PM, Rob Crittenden wrote:
> John Bowman via FreeIPA-users wrote:
> > I'm hoping this is a firewall issue but I figured I would check just in
> > case I'm looking in the
John Bowman via FreeIPA-users wrote:
> I'm hoping this is a firewall issue but I figured I would check just in
> case I'm looking in the wrong direction.
>
> I setup a pair non-CA replicas today and as far as I could tell
> everything seemed to be okay but I noticed that when searching via the
>
27 matches
Mail list logo