[Freeipa-users] Problem creating replica file

Jorge Argibay Molina Mon, 16 Apr 2012 15:14:51 -0700

Hi,

I'm in the testing phase of the deployment of FreeIPA in my network.


So far I've been able to configure the server, and several clients.

What I've been unable to do, and seems very easy going thru the documentation, 
is generate the replica.

Whenever I do:

ipa-replica-prepare hades.watea.com.ar --ip-address 192.168.1.180

I get

Directory Manager (existing master) password: 

Warning: Hostname (hades.watea.com.ar) not found in DNS
Preparing replica for hades.watea.com.ar from ares.watea.com.ar
Creating SSL certificate for the Directory Server
Certificate issuance failed

I'm attaching the pki-ca debug log, where I get an error.


I'm out of ideas, Can anyone suggest what maybe broken or any documentation 
that has a suggestion about fixing this issue?

[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet:service() uri = 
/ca/ee/ca/profileSubmitSSLClient
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet::service() param 
name='cert_request_type' value='pkcs10'
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet::service() param 
name='cert_request' 
value='MIICeTCCAWECAQAwNDEVMBMGA1UEChMMV0FURUEuQ09NLkFSMRswGQYDVQQDExJo
YWRlcy53YXRlYS5jb20uYXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDOMU0ArlCel4hSh4vWRyrLNuTEHSCGuOwc4haf+8OxlQLzkEPLtcfAJGqHIa2I
j8Ux5zzfvLOIaElDgUE7n4CbQc/XqgmA4ofn0c8JwR5aVqtcTfuclTEQxkWjoSO5
DiUH006RbBRx3aPeXxT7SwbMLiBJp3FClnxZcai63TMUTq6j0x6KlGPglN7QDr6/
iH6QAG0C58HzR2emNtySV6TjCHVC6hNjbUk+hy9rsT0jUnffGqElxvgAF//uDlhX
efF0/sVynx+XTeHTrMkxBH/2WfPE15Ho//ZePl2Oi+GMwYXhUcuW4U707NdyG0Dx
yVsQRk7LyxkbAAEAIRJGzhQdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAXXOs
o0Fpg8N3wfaeUic2ksqxmBhWfgoGS7qYLUrgrZQ7j7hO6B0jFK9eQ8smK9DtbXes
K8/vfzT5YipeCoxD8TCFqEEYxuuPaLxA8in1UvjYFDO0ZOb9yxYx4ZxHxNIQZqDY
ZzCV5sTIlqmJJ6j+2HhThclyt+LcSea1LgUcH7T10haEwOCkHgVeFyTrBRjqFKqE
mK0rZo9FpP3N6R5Wy1/KWH4tAh18XDAbcdI9dZ5fp1O1cPeCJOTOtTNne33BORtg
p1n4ZpAwX0qoI8pmPUORyKzCVm8Oknkgz50Pf912ePHUaX1vdZ0gW0jX9P/PWpmz
FA7kP9YYf+e62p+KHg==
'
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet::service() param 
name='requestor_name' value='IPA Installer'
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet::service() param 
name='xmlOutput' value='true'
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet::service() param 
name='profileId' value='caIPAserviceCert'
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet: caProfileSubmitSSLClient start 
to service.
[16/Apr/2012:17:59:15][http-9444-1]: xmlOutput true
[16/Apr/2012:17:59:15][http-9444-1]: Start of ProfileSubmitServlet Input 
Parameters
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet Input Parameter 
cert_request_type='pkcs10'
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet Input Parameter 
cert_request='MIICeTCCAWECAQAwNDEVMBMGA1UEChMMV0FURUEuQ09NLkFSMRswGQYDVQQDExJo
YWRlcy53YXRlYS5jb20uYXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDOMU0ArlCel4hSh4vWRyrLNuTEHSCGuOwc4haf+8OxlQLzkEPLtcfAJGqHIa2I
j8Ux5zzfvLOIaElDgUE7n4CbQc/XqgmA4ofn0c8JwR5aVqtcTfuclTEQxkWjoSO5
DiUH006RbBRx3aPeXxT7SwbMLiBJp3FClnxZcai63TMUTq6j0x6KlGPglN7QDr6/
iH6QAG0C58HzR2emNtySV6TjCHVC6hNjbUk+hy9rsT0jUnffGqElxvgAF//uDlhX
efF0/sVynx+XTeHTrMkxBH/2WfPE15Ho//ZePl2Oi+GMwYXhUcuW4U707NdyG0Dx
yVsQRk7LyxkbAAEAIRJGzhQdAgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAXXOs
o0Fpg8N3wfaeUic2ksqxmBhWfgoGS7qYLUrgrZQ7j7hO6B0jFK9eQ8smK9DtbXes
K8/vfzT5YipeCoxD8TCFqEEYxuuPaLxA8in1UvjYFDO0ZOb9yxYx4ZxHxNIQZqDY
ZzCV5sTIlqmJJ6j+2HhThclyt+LcSea1LgUcH7T10haEwOCkHgVeFyTrBRjqFKqE
mK0rZo9FpP3N6R5Wy1/KWH4tAh18XDAbcdI9dZ5fp1O1cPeCJOTOtTNne33BORtg
p1n4ZpAwX0qoI8pmPUORyKzCVm8Oknkgz50Pf912ePHUaX1vdZ0gW0jX9P/PWpmz
FA7kP9YYf+e62p+KHg==
'
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet Input Parameter 
requestor_name='IPA Installer'
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet Input Parameter 
xmlOutput='true'
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet Input Parameter 
profileId='caIPAserviceCert'
[16/Apr/2012:17:59:15][http-9444-1]: End of ProfileSubmitServlet Input 
Parameters
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: start serving
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: SubId=profile
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: isRenewal false
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: profileId 
caIPAserviceCert
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: authenticator 
raCertAuth found
[16/Apr/2012:17:59:15][http-9444-1]: 
ProfileSubmitServlet:setCredentialsIntoContext() authIds` null
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmistServlet: set Inputs into 
profile Context
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: set 
sslClientCertProvider
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: authentication 
required.
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet: in auditSubjectID
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet: auditSubjectID auditContext 
{sslClientCertProvider=com.netscape.cms.servlet.profile.SSLClientCertProvider@1d6dba0a,
 profileContext=com.netscape.cms.profile.common.EnrollProfileContext@ed0f59e}
[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet auditSubjectID: subjectID: null
[16/Apr/2012:17:59:15][http-9444-1]: AgentCertAuthentication: start
[16/Apr/2012:17:59:15][http-9444-1]: authenticator instance name is raCertAuth
[16/Apr/2012:17:59:15][http-9444-1]: AgentCertAuthenticator: got provider
[16/Apr/2012:17:59:15][http-9444-1]: AgentCertAuthenticator: retrieving client 
certificate
[16/Apr/2012:17:59:15][http-9444-1]: AgentCertAuthenticator: got certificates
[16/Apr/2012:17:59:15][http-9444-1]: In LdapBoundConnFactory::getConn()
[16/Apr/2012:17:59:15][http-9444-1]: masterConn is connected: true
[16/Apr/2012:17:59:15][http-9444-1]: getConn: conn is connected true
[16/Apr/2012:17:59:15][http-9444-1]: getConn: mNumConns now 2
[16/Apr/2012:17:59:15][http-9444-1]: returnConn: mNumConns now 3
[16/Apr/2012:17:59:15][http-9444-1]: In LdapBoundConnFactory::getConn()
[16/Apr/2012:17:59:15][http-9444-1]: masterConn is connected: true
[16/Apr/2012:17:59:15][http-9444-1]: getConn: conn is connected true
[16/Apr/2012:17:59:15][http-9444-1]: getConn: mNumConns now 2
[16/Apr/2012:17:59:15][http-9444-1]: returnConn: mNumConns now 3
[16/Apr/2012:17:59:15][http-9444-1]: ProfileSubmitServlet: authentication error 
Invalid Credential.
[16/Apr/2012:17:59:15][http-9444-1]: SignedAuditEventFactory: create() 
message=[AuditEvent=AUTH_FAIL][SubjectID=$NonRoleUser$ : 
Unidentified][Outcome=Failure][AuthMgr=raCertAuth][AttemptedCred=Unidentified] 
authentication failure

[16/Apr/2012:17:59:15][http-9444-1]: CMSServlet: curDate=Mon Apr 16 17:59:15 
ART 2012 id=caProfileSubmitSSLClient time=20


Thanks





                                                
Jorge Argibay
jorge.argi...@watea.com.ar

Tel.: (+54) 11 5277 0305 Int.: 4900
Cel: (+549) 11 4028 4900

USA: (+1) 786 866 7837 Int.: 4900
C. Rica: (+506) 4000 1650 Int.: 4900

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

[Freeipa-users] Problem creating replica file

Reply via email to