On Thu, Nov 07, 2013 at 09:44:21AM +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
After building a new VM and configuring the IPA 3.3.2 client, Gnome
seems to only perform a local log-in until the system is rebooted. SSH
works with IPA, but not Gnome. Is this
On 11/07/2013 08:34 AM, William Leese wrote:
[root@vagrant-centos-6 CA]# cat /root/server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
-12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
I wonder if the root chain you gave to the IPA installer was complete.
rob
I work with PEM file format, in the sub-ca certificate there aren't chains (but
isn't a problem if i use a self-generated CA).
(Moreover, the script has all the chain, the
Arthur Faizullin wrote:
I have found what that means. It is again something with access rights.
Rob Crittenden rcrit...@redhat.com says that it is better to generate
certificates at:
/etc/pki/tls/private/postgresql.key
/etc/pki/tls/certs/postgresql.crt
and if these files owner is postgres then
I do not know, may be I am wrong somewhere, but I did not make any extra
things with config files, just run ipa-client-install and everything
seemed works fine.
that worked for f17, f18, f19 with ipa-server on CentOS 6.36.4.
Jakub Hrozek wrote:
On Thu, Nov 07, 2013 at 09:44:21AM +0200,
Andrea Bontempi wrote:
-12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
I wonder if the root chain you gave to the IPA installer was complete.
rob
I work with PEM file format, in the sub-ca certificate there aren't chains (but
isn't a problem if i use a self-generated CA).
(Moreover, the
On Thu, Nov 07, 2013 at 08:47:35PM +0600, Arthur wrote:
I do not know, may be I am wrong somewhere, but I did not make any
extra things with config files, just run ipa-client-install and
everything seemed works fine.
ipa-client-install modifies /etc/nsswitch.conf and adds sss to the
list of
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
After building a new VM and configuring the IPA 3.3.2 client, Gnome
seems to only perform a local log-in until the system is rebooted. SSH
works with IPA, but not Gnome. Is this correct? Is
On 11/07/2013 12:21 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
After building a new VM and configuring the IPA 3.3.2 client, Gnome
seems to only perform a local log-in until the system is rebooted. SSH
works with
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
On 11/07/2013 12:21 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
After building a new VM and configuring the IPA 3.3.2 client, Gnome
seems to
Hi,
I have just done a fresh server install of ipa on a Scientific Linux
6.4 machine, and I am finding the command line utilities are failing
with:
# ipa ping
ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
attribute '_conn'
Traceback (most recent call last):
File
On 11/07/2013 12:59 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
On 11/07/2013 12:21 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
After building a new VM and configuring the IPA 3.3.2
On 11/07/2013 01:49 PM, Jonathan Underwood wrote:
Hi,
I have just done a fresh server install of ipa on a Scientific Linux
6.4 machine, and I am finding the command line utilities are failing
with:
# ipa ping
ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
attribute
Jonathan Underwood wrote:
Hi,
I have just done a fresh server install of ipa on a Scientific Linux
6.4 machine, and I am finding the command line utilities are failing
with:
# ipa ping
ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
attribute '_conn'
Traceback (most
On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote:
On 11/07/2013 12:59 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
On 11/07/2013 12:21 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06
I was able to solve this by recreating my test CA. I believe the problem
was with non-matching Organisation between the CSR and CA - but I dont have
the knowledge to know if this is really required.
Anyhow, things work, despite not having removed the -BEGIN
CERTIFICATE- lines this time
On 11/07/2013 06:20 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote:
On 11/07/2013 12:59 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
On 11/07/2013 12:21 PM, Dean Hunter wrote:
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy
17 matches
Mail list logo