Am Freitag, 3. Januar 2020, 17:23:46 CET schrieb Rob Crittenden via FreeIPA-
users:
Günther J. Niederwimmer via FreeIPA-users wrote:
> Am Freitag, 3. Januar 2020, 16:27:38 CET schrieb Rob Crittenden via
> FreeIPA-
>
>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>
>>
>>
>>> Hallo,
>>>
>>>
>>>
>>> Am Donnerstag, 2. Januar 2020, 21:37:31 CET schrieb Rob Crittenden via
>>> FreeIPA-users:
>>>
>>>
>>>
>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Am Donnerstag, 2. Januar 2020, 19:46:47 CET schrieb Rob Crittenden
via
>>>>>
>>>>> FreeIPA-users:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Günther J. Niederwimmer via FreeIPA-users wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> this is a new installed Server CentOS 7.7
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> but it is not possible to configure this for IPA replica
>>>>>>> I have this Error
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ipapython.admintool: ERROR [0:0:6]+[128:32:0] not in
asn1Spec:
>>>>>>>
GeneralName(componentType=NamedTypes(NamedType('rfc822Name',
>>>>>>> IA5String(tagSet=TagSet((), Tag(tagClass=128, tagFormat=0,
>>>>>>> tagId=1)))),
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> NamedType('dNSName', IA5String(tagSet=TagSet((),
Tag(tagClass=128,
>>>>>>> tagFormat=0, tagId=2)))), NamedType('directoryName',
>>>>>>> Name(componentType=NamedTypes(NamedType('',
RDNSequence())),
>>>>>>> tagSet=TagSet((),
>>>>>
>>>>>
>>>>>
>>>>> Tag(tagClass=128, tagFormat=0, tagId=4)))),
>>>>>
>>>>>
>>>>>
>>>>>>> NamedType('uniformResourceIdentifier',
IA5String(tagSet=TagSet((),
>>>>>>> Tag(tagClass=128, tagFormat=0, tagId=6)))),
NamedType('iPAddress',
>>>>>>> OctetString(tagSet=TagSet((), Tag(tagClass=128,
tagFormat=0,
>>>>>>> tagId=7)))),
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> NamedType('registeredID',
ObjectIdentifier('<no value>'))))
>>>>>>> ipapython.admintool: ERROR The ipa-replica-install
command
>>>>>>> failed.
>>>>>>> See
>>>>>>> /
>>>>>
>>>>>
>>>>>
>>>>> var/log/ipareplica-install.log for more information
>>>>>
>>>>>
>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I install before ipa-client-install, this is working but
afterward
>>>>>>> for
>>>>>>> the
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> replica i Have this Problem?
>>>>>
>>>>>
>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> firewall Ports are open.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> More context from the log would help.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I send it to you Rob
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> And can you confirm what version of python-pyasn1 is installed,
and
>>>>>> that
>>>>>> you don't have a pip-version installed.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> this version is installed
>>>>> Paket python2-pyasn1-0.1.9-7.el7.noarch
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> normal installation
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> It is blowing up trying to fetch the subject-alt names out of the
>>>> Apache
>>>> cert on the original master (ipa.xxx.xxx). You didn't happen to
>>>> replace
>>>> the Apache cert on ipa.xxx.xxx did you?
>>>
>>>
>>>
>>>
>>> NO, this is a "normal" Installation without changing anything ?
>>>
>>>
>>>
>>> I make no experiments with certificates?
>>>
>>>
>>>
>>> the only thing I remember
>>> I have set in host
>>>
>>>
>>>
>>> xxx.xxx.xxx.xxx
ipa.example.com
>>> 2000:yy:yy:yy:yy
ipa.example.com
>>> xxx.xxx.xxx.xxx ipa.example.com.lan
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>> Can you provide the PEM for that cert?
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>> On ipa.xxx.xxx:
>>>> # certutil -L -d /etc/httpd/alias -n Server-Cert -a
>>>
>>>
>>>
>>>
>>> I have a normal certificate
>>> -----BEGIN CERTIFICATE-----
>>> ................................
>>> ................
>>> .........
>>> -----END CERTIFICATE-----
>>>
>>>
>>>
>>
>>
>>
>>
>> It could be useful for us to see the contents of the cert to see if we
>> can duplicate the failure.
>
>
> OK is on the way ;)
>
Can you provide the output of:
python -c 'from urllib3.contrib import pyopenssl'
there is NO output on master or replica
Thanks for the Help.
--
mit freundlichen Grüßen / best regards
Günther J. Niederwimmer