[Freeipa-users] freeipa cert validation failed, SEC_ERROR_UNTRUSTED_ISSUER

Alexander Bokovoy abokovoy at redhat.com
Wed Sep 9 14:01:46 UTC 2015 

On Wed, 09 Sep 2015, Morgan Marodin wrote:
>Hi Alexander.
>
>Ok, after enabling debugging I have these logs:
>-------------------------------------------------------------------
>==> /var/log/httpd/error_log <==
>INFO: Current debug levels:
>  all: 100
>  tdb: 100
>  printdrivers: 100
>  lanman: 100
>  smb: 100
>  rpc_parse: 100
>  rpc_srv: 100
>  rpc_cli: 100
>  passdb: 100
>  sam: 100
>  auth: 100
>  winbind: 100
>  vfs: 100
>  idmap: 100
>  quota: 100
>  acls: 100
>  locking: 100
>  msdfs: 100
>  dmapi: 100
>  registry: 100
>  scavenger: 100
>  dns: 100
>  ldb: 100
>pm_process() returned Yes
>GENSEC backend 'gssapi_spnego' registered
>GENSEC backend 'gssapi_krb5' registered
>GENSEC backend 'gssapi_krb5_sasl' registered
>GENSEC backend 'sasl-DIGEST-MD5' registered
>GENSEC backend 'spnego' registered
>GENSEC backend 'schannel' registered
>GENSEC backend 'sasl-EXTERNAL' registered
>GENSEC backend 'ntlmssp' registered
>Using binding ncacn_np:srv01.ipa.mydomain.com[,]
>s4_tevent: Added timed event "dcerpc_connect_timeout_handler":
>0x7f8a3c224990
>s4_tevent: Added timed event "composite_trigger": 0x7f8a3c042170
>s4_tevent: Added timed event "composite_trigger": 0x7f8a3c25b4a0
>s4_tevent: Running timer event 0x7f8a3c042170 "composite_trigger"
>s4_tevent: Destroying timer event 0x7f8a3c25b4a0 "composite_trigger"
>Mapped to DCERPC endpoint \pipe\lsarpc
>added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
>netmask=255.255.255.0
>added interface eth0 ip=192.168.0.65 bcast=192.168.0.255
>netmask=255.255.255.0
Do you have IPv6 stack enabled?

>[2015/09/09 08:45:05.032211, 50, pid=11196, effective(0, 0), real(0, 0)]
>../lib/util/tevent_debug.c:63(samba_tevent_debug)
>  s3_tevent: Schedule immediate event "tevent_req_trigger": 0x7f7118a92cf0
>[2015/09/09 08:45:05.032282, 50, pid=11196, effective(0, 0), real(0, 0)]
>../lib/util/tevent_debug.c:63(samba_tevent_debug)
>  s3_tevent: Run immediate event "tevent_req_trigger": 0x7f7118a92cf0
>[2015/09/09 08:45:05.032353,  4, pid=11196, effective(217400000,
>217400000), real(217400000, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
>  pop_sec_ctx (217400000, 217400000) - sec_ctx_stack_ndx = 0
>[2015/09/09 08:45:05.032421,  2, pid=11196, effective(217400000,
>217400000), real(217400000, 0), class=rpc_srv]
>../source3/rpc_server/rpc_ncacn_np.c:630(make_external_rpc_pipe_p)
>  tstream_npa_connect_recv  to /run/samba/ncalrpc/np for pipe lsarpc and
>user IPA\admin failed: No such file or directory
I'm particularly worrying about his one -- /run/samba/ncalrpc/np pipe
has to be there.

Can you explain what is your setup in detail?

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list