Re: [Freeipa-users] ipa-client-install certutil failure

Tue, 05 Mar 2013 07:21:43 -0800 

Dne 5.3.2013 16:06, Rob Crittenden napsal(a):

Bittner Jakub wrote:

On 5.3.2013 14:43, Rob Crittenden wrote:

Jakub Bittner wrote:

Hello,
I am using IPA version 3.0 on server and if I want to install on ubuntu 
with ipa-client-install certutil in the end this command
"/usr/bin/certutil -A -d /etc/pki/nssdb -n IPA CA -t CT,C,C -a -i
/etc/ipa/ca.crt" fails.

If I try it manually it says:

certutil: function failed: The certificate/key database is in an old,
unsupported format.

I dont know for what I need nssdb. Is there a way how to recreate this
nssdb file?


Is it safe to assume that there is no NSS database in /etc/pki/nssdb
(the certutil error msgs are horrible)? There should be 3 .db files,
keyX.db, certY.db and secmod.db.

To create an empty one do:

certutil -N -d /etc/pki/nssdb

You can set no password on this by pressing ENTER twice at the password
prompts.

These files are typically root:root mode 644.

rob



Thank you for reply, I overcome this issue, but I have problem with
changing password on Ubuntu. I can log in, I can see GID, UIG and so,
but I can not change password.
How are you trying to change the password? What output do you get when it fails?
Is there anything in system logs related to this? /var/log/secure, /var/log/messages.
Does password change work on other clients (e.g. if you have a Fedora client, does that work?) 

rob




I do this procedure:

passwd
Current Password:
Password change failed. Server message: Password is too short

Password not changed.
passwd: Authentication Token Manipulation Error
passwd: password unchanged


In /var/log/auth.log is:
Mar 5 16:12:56 b125-test-201 passwd[23994]: pam_unix(passwd:chauthtok): user "bitj" does not exist in /etc/passwd Mar 5 16:12:59 b125-test-201 passwd[23994]: pam_unix(passwd:chauthtok): user "bitj" does not exist in /etc/passwd Mar 5 16:12:59 b125-test-201 passwd[23994]: pam_sss(passwd:chauthtok): system info: [Generic error (see e-text)] Mar 5 16:12:59 b125-test-201 passwd[23994]: pam_sss(passwd:chauthtok): User info message: Password change failed. Server message: Password is too short#012#012Password not changed. Mar 5 16:12:59 b125-test-201 passwd[23994]: pam_sss(passwd:chauthtok): Password change failed for user bitj: 20 (Authentication Token Manipulation Error) 



in wireshark:
1576 9.952337 ipa.domain.cz client.domain.cz KRB5 366 KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED 


P.S.
Generic error (see e-text). I dont know what or where the e-text is.


Thank you,
Jakub Bittner

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to