RA Agent realm authorisation fails – how to debug?
by Tomasz Torcz
Hi,
I'm having trouble with pki-tomcat as shipped as a part of FreeIPA in
Fedora 34. Version is pki-base-10.10.6-1.fc34.noarch.
The problem is in authentication for the ACME component. Logs, even
after increasing level, are very short:
2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: Finding user by cert:
2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: - base DN: ou=people,o=ipaca
2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: - filter: description=2;105;CN=Certificate Authority,O=PIPEBREAKER.PL;CN=IPA RA,O=PIPEBREAKER.PL
2021-11-03 18:43:07 [https-jsse-nio-8443-exec-12] INFO: User: uid=ipara,ou=people,o=ipaca
2021-11-03 18:43:08 [https-jsse-nio-8443-exec-12] FINE: Realm.authenticate() returned false
I've verified (thrice!) that the certificate used for authentication is
correct – the same as stored in LDAP.
How to find out why Realm authentication fails?
Can I increase log level for this component?
Any ideas how I should continue?
Full thread with this problem is at:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
Tomasz Torcz “Funeral in the morning, IDE hacking
tomek(a)pipebreaker.pl in the afternoon and evening.” - Alan Cox