Hello to all!
I've been trying hard to set up a firewall VPN login with certificates generated by the FreeIPA server, but I'm stuck now. I have the user certificate generated by FreeIPA; the firewall generated the CSR, which was then imported on the FreeIPA server, and the PEM generated by the UI was downloaded and imported again into the firewall, and the firewall matches the signed certificate. But when we try to connect to the VPN using certificates, the debug shows:
fnbamd_auth_cert_result-Result for ldap svr[0] 'fripa.domain.net' is DENY
auth_cert_success-Matched user name 'CA-Ldaps', matched group name 'CA-Ldapgrp'
fnbamd_comm_send_result-Sending result 1 (error 0, nid 672) for req 454599539
delete_group_list-Delete group CA-Ldapgrp
ike 3:C2-HQ_DCI:50: certificate validation failed
From the firewall we can test the Ldaps users and passwords and the test is OK.
Thanks to all for any advice!
freeipa-users@lists.fedorahosted.org