On Thu, Nov 07, 2013 at 09:44:21AM +0200, Alexander Bokovoy wrote:
> On Wed, 06 Nov 2013, Dean Hunter wrote:
>
> >After building a new VM and configuring the IPA 3.3.2 client, Gnome
> >seems to only perform a local log-in until the system is rebooted. SSH
> >works with IPA, but not Gnome. Is this
On 11/07/2013 08:34 AM, William Leese wrote:
[root@vagrant-centos-6 CA]# cat /root/server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
> -12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
>
>I wonder if the root chain you gave to the IPA installer was complete.
>
>rob
I work with PEM file format, in the sub-ca certificate there aren't chains (but
isn't a problem if i use a self-generated CA).
(Moreover, the script has all the chain,
Arthur Faizullin wrote:
I have found what that means. It is again something with access rights.
Rob Crittenden says that it is better to generate
certificates at:
/etc/pki/tls/private/postgresql.key
/etc/pki/tls/certs/postgresql.crt
and if these files owner is postgres then postgresql is startin
I do not know, may be I am wrong somewhere, but I did not make any extra
things with config files, just run ipa-client-install and everything
seemed works fine.
that worked for f17, f18, f19 with ipa-server on CentOS 6.3&6.4.
Jakub Hrozek wrote:
On Thu, Nov 07, 2013 at 09:44:21AM +0200, Alexan
Andrea Bontempi wrote:
-12195 is SSL_ERROR_UNKNOWN_CA_ALERT in NSS.
I wonder if the root chain you gave to the IPA installer was complete.
rob
I work with PEM file format, in the sub-ca certificate there aren't chains (but
isn't a problem if i use a self-generated CA).
(Moreover, the script
On Thu, Nov 07, 2013 at 08:47:35PM +0600, Arthur wrote:
> I do not know, may be I am wrong somewhere, but I did not make any
> extra things with config files, just run ipa-client-install and
> everything seemed works fine.
ipa-client-install modifies /etc/nsswitch.conf and adds "sss" to the
list o
On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
> On Wed, 06 Nov 2013, Dean Hunter wrote:
>
> >After building a new VM and configuring the IPA 3.3.2 client, Gnome
> >seems to only perform a local log-in until the system is rebooted. SSH
> >works with IPA, but not Gnome. Is this correc
On 11/07/2013 12:21 PM, Dean Hunter wrote:
> On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
>> On Wed, 06 Nov 2013, Dean Hunter wrote:
>>
>> >After building a new VM and configuring the IPA 3.3.2 client, Gnome
>> >seems to only perform a local log-in until the system is rebooted. SSH
>
On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
> On 11/07/2013 12:21 PM, Dean Hunter wrote:
>
> > On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
> >
> > > On Wed, 06 Nov 2013, Dean Hunter wrote:
> > >
> > > >After building a new VM and configuring the IPA 3.3.2 client, Gnom
Hi,
I have just done a fresh server install of ipa on a Scientific Linux
6.4 machine, and I am finding the command line utilities are failing
with:
# ipa ping
ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
attribute '_conn'
Traceback (most recent call last):
File "/usr/li
On 11/07/2013 12:59 PM, Dean Hunter wrote:
> On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
>> On 11/07/2013 12:21 PM, Dean Hunter wrote:
>>> On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
On Wed, 06 Nov 2013, Dean Hunter wrote:
>After building a new VM and configu
On 11/07/2013 01:49 PM, Jonathan Underwood wrote:
> Hi,
>
> I have just done a fresh server install of ipa on a Scientific Linux
> 6.4 machine, and I am finding the command line utilities are failing
> with:
>
> # ipa ping
> ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
> at
Jonathan Underwood wrote:
Hi,
I have just done a fresh server install of ipa on a Scientific Linux
6.4 machine, and I am finding the command line utilities are failing
with:
# ipa ping
ipa: ERROR: non-public: AttributeError: KerbTransport instance has no
attribute '_conn'
Traceback (most recent
On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote:
> On 11/07/2013 12:59 PM, Dean Hunter wrote:
>
> > On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
> >
> > > On 11/07/2013 12:21 PM, Dean Hunter wrote:
> > >
> > > > On Thu, 2013-11-07 at 09:44 +0200, Alexander Bokovoy wrote:
> > > >
I was able to solve this by recreating my test CA. I believe the problem
was with non-matching Organisation between the CSR and CA - but I dont have
the knowledge to know if this is really required.
Anyhow, things work, despite not having removed the "-BEGIN
CERTIFICATE-" lines this time a
On 11/07/2013 06:20 PM, Dean Hunter wrote:
> On Thu, 2013-11-07 at 17:41 -0500, Dmitri Pal wrote:
>> On 11/07/2013 12:59 PM, Dean Hunter wrote:
>>> On Thu, 2013-11-07 at 12:36 -0500, Dmitri Pal wrote:
On 11/07/2013 12:21 PM, Dean Hunter wrote:
> On Thu, 2013-11-07 at 09:44 +0200, Alexander
17 matches
Mail list logo
