Bug 1207649
| Summary: | host certificate not issued to client during ipa-client-install | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kaleem <ksiddiqu> | ||||||
| Component: | ipa | Assignee: | Jan Cholasta <jcholast> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | urgent | ||||||||
| Version: | 6.7 | CC: | jgalipea, mkosek, pvoborni, rcritten | ||||||
| Target Milestone: | rc | Keywords: | Regression, TestBlocker | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | ipa-3.0.0-46.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: |
Regression bug fix, do not document.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2015-07-22 07:39:54 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Kaleem
2015-03-31 12:20:31 UTC
Created attachment 1012224 [details] Fix Attached a patch with a fix. Note that this is caused by the fix for bug 1154776. Verified.
IPA Version:
============
On Server:
[root@dhcp207-230 ~]# rpm -q ipa-server pki-ca
ipa-server-3.0.0-46.el6.x86_64
pki-ca-9.0.3-41.el6.noarch
[root@dhcp207-230 ~]#
On Client:
[root@dhcp207-223 ~]# rpm -q ipa-client certmonger
ipa-client-3.0.0-46.el6.x86_64
certmonger-0.77.2-1.el6.x86_64
[root@dhcp207-223 ~]#
Console output snip:
====================
[root@dhcp207-223 ~]# ipa-client-install -U --domain=testrelm.test --realm=TESTRELM.TEST -p admin -w xxxxxxxx --server=dhcp207-230.testrelm.test
Hostname: dhcp207-223.testrelm.test
Realm: TESTRELM.TEST
DNS Domain: testrelm.test
IPA Server: dhcp207-230.testrelm.test
BaseDN: dc=testrelm,dc=test
Synchronizing time with KDC...
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=TESTRELM.TEST
Issuer: CN=Certificate Authority,O=TESTRELM.TEST
Valid From: Tue Apr 21 15:20:44 2015 UTC
Valid Until: Sat Apr 21 15:20:44 2035 UTC
Enrolled in IPA realm TESTRELM.TEST
Attempting to get host TGT...
.....
SSSD enabled
Configuring testrelm.test as NIS domain
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
[root@dhcp207-223 ~]# ipa-getcert list
Number of certificates and requests being tracked: 1.
Request ID '20150422070325':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - dhcp207-223.testrelm.test',token='NSS Certificate DB'
certificate: type=NSSDB,location='/etc/pki/nssdb',nickname='IPA Machine Certificate - dhcp207-223.testrelm.test',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=TESTRELM.TEST
subject: CN=dhcp207-223.testrelm.test,O=TESTRELM.TEST
expires: 2017-04-22 07:03:26 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
[root@dhcp207-223 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1462.html |