On Friday, 3 January 2020, 16:27:38 CET, Rob Crittenden via FreeIPA-users
wrote:
Günther J. Niederwimmer via FreeIPA-users wrote:
> Hello,
>
> On Thursday, 2 January 2020, 21:37:31 CET, Rob Crittenden via
> FreeIPA-users wrote:
>
>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>
>>
>>
>>> On Thursday, 2 January 2020, 19:46:47 CET, Rob Crittenden via
>>> FreeIPA-users wrote:
>>>
>>>
>>>
>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Hello,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> this is a new installed Server CentOS 7.7
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> but it is not possible to configure this for IPA replica
>>>>> I have this Error
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in asn1Spec:
>>>>> GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
>>>>> tagId=1)))),
>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((), Tag(tagClass=128,
>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
>>>>> Name(componentType=NamedTypes(NamedType('', RDNSequence())),
>>>>> tagSet=TagSet((), Tag(tagClass=128, tagFormat=0, tagId=4)))),
>>>>> NamedType('uniformResourceIdentifier', IA5String(tagSet=TagSet((),
>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))), NamedType('iPAddress',
>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
>>>>> tagId=7)))),
>>>>> NamedType('registeredID', ObjectIdentifier('<no value>'))))
>>>>> ipapython.admintool: ERROR The ipa-replica-install command failed.
>>>>> See /var/log/ipareplica-install.log for more information
>>>
>>>
>>>>>
>>>>>
>>>>>
>>>>> I install before ipa-client-install, this is working but afterward
>>>>> for the replica I have this problem?
>>>
>>>
>>>>>
>>>>>
>>>>>
>>>>> firewall Ports are open.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> More context from the log would help.
>>>
>>>
>>>
>>> I send it to you Rob
>>>
>>>
>>>
>>>
>>>> And can you confirm what version of python-pyasn1 is installed, and
>>>> that
>>>> you don't have a pip-version installed.
>>>
>>>
>>>
>>> this version is installed
>>> Paket python2-pyasn1-0.1.9-7.el7.noarch
>>>
>>>
>>>
>>> normal installation
>>
>>
>>
>>
>> It is blowing up trying to fetch the subject-alt names out of the Apache
>> cert on the original master (ipa.xxx.xxx). You didn't happen to replace
>> the Apache cert on ipa.xxx.xxx did you?
>
>
> NO, this is a "normal" Installation without changing anything ?
>
> I make no experiments with certificates?
>
> the only thing I remember
> I have set in host
>
> xxx.xxx.xxx.xxx ipa.example.com
> 2000:yy:yy:yy:yy ipa.example.com
> xxx.xxx.xxx.xxx ipa.example.com.lan
>
>
>
>
>> Can you provide the PEM for that cert?
>>
>
>
>> On ipa.xxx.xxx:
>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
>
>
> I have a normal certificate
> -----BEGIN CERTIFICATE-----
> ................................
> ................
> .........
> -----END CERTIFICATE-----
>
>
It could be useful for us to see the contents of the cert to see if we
can duplicate the failure.
Can the install log from the master be helpful?
Before I must reinstall the master?
I have setup before I do this, for test on my site the same? This was working!
New install CentOS 7.7 master and new install CentOS 7.7 replica, all is
working :-(
--
mit freundlichen Grüßen / best regards
Günther J. Niederwimmer
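
Added example (not part of the original thread, and not FreeIPA or pyasn1 code): a small Python 3 walker that lists which GeneralName alternatives a DER-encoded subjectAltName value carries, and whether each context tag appears in the asn1Spec printed in the error quoted above. The function names and the sample bytes are constructed for illustration; the input is assumed to be the extension's GeneralNames SEQUENCE.

```python
# Context tag number -> GeneralName alternative (RFC 5280, section 4.2.1.6)
CHOICES = {0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
           4: "directoryName", 5: "ediPartyName",
           6: "uniformResourceIdentifier", 7: "iPAddress", 8: "registeredID"}

# tagId values that appear in the asn1Spec printed in the quoted error
TAGS_IN_LOGGED_SPEC = {1, 2, 4, 6, 7}


def read_tlv(buf, pos):
    """Return (tag_octet, value_bytes, next_pos) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not expected here")
    pos += 2
    if length & 0x80:                       # long form: low bits = octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def list_general_names(der):
    """Return [(tag_number, choice_name, tag_in_logged_spec)] per SAN entry."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE (GeneralNames)")
    entries, pos = [], 0
    while pos < len(body):
        tag, _, pos = read_tlv(body, pos)
        if tag & 0xC0 != 0x80:              # GeneralName is context-tagged
            raise ValueError("unexpected tag 0x%02x" % tag)
        num = tag & 0x1F
        entries.append((num, CHOICES.get(num, "unknown"),
                        num in TAGS_IN_LOGGED_SPEC))
    return entries


# Constructed sample: dNSName ipa.example.com, one otherName, one iPAddress
SAMPLE = bytes.fromhex(
    "3024" "820f" + b"ipa.example.com".hex() +
    "a00b" "0603" "2a0304" "a004" "0c02" "6869" +
    "8704" "c0000201")

if __name__ == "__main__":
    for num, name, known in list_general_names(SAMPLE):
        print("[%d] %-26s in logged spec: %s" % (num, name, known))
```
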