Hi,
After a bit more searching - my issue looks exactly like this one:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
I also have the same error in /var/log/pki/pki-tomcat/kra/system:
0.ajp-bio-127.0.0.1-8009-exec-1 - [20/Sep/2019:00:04:55 CEST] [6] [3] Cannot authenticate
agent with certificate Serial 0x7 Subject DN CN=IPA RA,O=IMS.DCN.TELEKOM.DE. Error: User
not found
And I checked the value stored under uid=ipara, it seems to match exactly the RA cert from
/var/lib/ipa/ra-agent.pem.
Any other place to check...?
---
Regards,
Dmitry Perets