[Freeipa-users] NSPR Error -8015
Rob Crittenden
rcritten at redhat.com
Thu Dec 12 15:38:45 UTC 2013
Andrea Bontempi wrote:
> Hi
>
> I have a strange error on one FreeIPA client (on my other client doesn't occur) when i try to call the FreeIPA admin tools (example: ipa ping)
>
> On the CLI the error prints:
>
>> ipa: ERROR: cannot connect to u'https://myipaserver/ipa/xml': [Errno -8015] error (-8015) unknown
>
> The client working perfectly in the FreeIPA network, it's only a problem of CLI command.
>
> I try to connect through the python API, and i obtain this traceback:
>
>> Traceback (most recent call last):
>> File "<input>", line 1, in <module>
>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __cal
>> l__
>> ret = self.run(*args, **options)
>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 748, in run
>> return self.forward(*args, **options)
>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forwa
>> rd
>> return self.Backend.xmlclient.forward(self.name, *args, **kw)
>> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 743, in forward
>> raise NetworkError(uri=server, error=str(e))
>> NetworkError: cannot connect to u'https://myipaserver/ipa/xml': [
>> Errno -8015] error (-8015) unknown
>
> On the line 743 we found:
>
>> except NSPRError, e:
>> raise NetworkError(uri=server, error=str(e))
>
> Can someone help me?
>
That error is SEC_ERROR_LEGACY_DATABASE which is less scary than it
sounds. It seems that NSS throws that when it doesn't know how to open
its database.
Check for the existence of /etc/pki/nssdb/*.db and make sure it is world
readable. The IPA CA should exist in it too:
# certutil -L -d /etc/pki/nssdb
rob
More information about the Freeipa-users
mailing list