[Freeipa-users] ipa-getcert Problem ?

[Günther J. Niederwimmer]

Hello

I mean I have a Problem with the ipa-getcert script.

system CentOS 7 (1503) and IPA 4.1.x

can any help or declare my mistake or is this a IPA Problem

I do a

kinit admin

ipa-getcert request -d /etc/pki/nssdb -n Server-Cert -K HOST/xxx.4gjn.prv -N 
'CN=xxx.4gjn.prv,O=$4GJN.PRV'

and have afterward with
ipa-getcert list

Number of certificates and requests being tracked: 1.
Request ID '20150414172251':
        status: CA_REJECTED
        ca-error: Server at https://ipa.4gjn.prv/ipa/xml denied our request, 
giving up: 2100 (RPC failed at server.  Insufficient access: Insufficient 'add' 
privilege to add the entry 
'krbprincipalname=HOST/xxx.4gjn.prv at 4GJN.PRV,cn=services,cn=accounts,dc=4gjn,dc=prv'.).
        stuck: yes
        key pair storage: 
type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS 
Certificate DB'
        certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='Server-
Cert'
        CA: IPA
        issuer: 
        subject: 
        expires: unknown
        pre-save command: 
        post-save command: 
        track: yes
        auto-renew: yes

ipa-getcert status
process 4731: arguments to dbus_message_new_method_call() were incorrect, 
assertion "path != NULL" failed in file dbus-message.c line 1262.
This is normally a bug in some application using the D-Bus library.
  D-Bus not built with -rdynamic so unable to print a backtrace
Abgebrochen (Speicherabzug geschrieben)


what is wrong ?
-- 
mit freundlichen Grüßen / best regards,

  Günther J. Niederwimmer