Hello to all!

I have been trying hard to set up a firewall VPN login with certificates generated by 
the FreeIPA server, but I'm stuck now.
I have the user certificate generated by FreeIPA. The firewall generated 
the CSR, which was then imported on the FreeIPA server; I downloaded the PEM generated by 
the UI and imported it again in the firewall, and the firewall matches the signed 
certificate.
But when we try to connect to the VPN using certificates, the debug shows:

fnbamd_auth_cert_result-Result for ldap svr[0] 'fripa.domain.net' is DENY
auth_cert_success-Matched user name 'CA-Ldaps', matched group name 'CA-Ldapgrp'
fnbamd_comm_send_result-Sending result 1 (error 0, nid 672) for req 454599539
delete_group_list-Delete group CA-Ldapgrp
ike 3:C2-HQ_DCI:50: certificate validation failed

From the firewall we can test the Ldaps users and passwords and the test is OK.

Thanks to all for any advice!