[Freeipa-users] anonymous bind + ipa-install-client failure
Benjamin Reed
ranger at opennms.org
Fri Dec 23 21:38:40 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/23/11 12:02 PM, Simo Sorce wrote:
> One thing you can test is if the ca.crt exposed via http is the same
> that is stored on the server in /etc/ipa/ca.crt
they are identical, I did find that the errors file is complaining about
this:
[22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_unwrap_key: failed to
unwrap key for cipher AES
[22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_cipher_init:
symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_unwrap_key: failed to
unwrap key for cipher 3DES
[22/Dec/2011:21:31:15 -0600] attrcrypt - attrcrypt_cipher_init:
symmetric key failed to unwrap with the private key; Cert might have
been renewed since the key is wrapped. To recover the encrypted
contents, keep the wrapped symmetric key value.
[22/Dec/2011:21:31:16 -0600] attrcrypt - All prepared ciphers are not
available. Please disable attribute encryption.
- --
Benjamin Reed
The OpenNMS Group
http://www.opennms.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFO9PTfUu+jZtP2Zf4RAveHAJ9TniJdF74K/XSI3r8o8eKSS0+TEACfT6xc
wWKYP73YzPY5SsnzNwnt16g=
=KnIi
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list