[Pkg-freeipa-devel] Bug#970880: Bug#970880: Bug#970880: Bug#970880: Bug#970880: freeipa-server: FreeIPA server installation fails with Certificate issuance failed (CA_REJECTED)
Spencer Olson
olsonse at umich.edu
Tue Oct 12 16:53:14 BST 2021
On Sun, Oct 10, 2021 at 12:58 PM Timo Aaltonen <tjaalton at debian.org> wrote:
>
> >
> >
> > Maybe the CI will finish before I can get back to my testing.
>
> And it did, this error is fixed now :)
>
> But it fails later on, so there's some work still to catch up with the
> current distro, but at least this particular annoyance is resolved, so
> many thanks for figuring it out! I was sure the reason was something
> silly and related to the SSL stack (or maybe ciphers) but was blind to
> see it.
I borrowed the .deb packages from the build artifacts and tested more.
You probably already have this fixed but,
* /var/lib/gssproxy directory has to be created so that gssproxy can
be started.
I manually created the path and ran the script again. It passes the
gssproxy error that the CI got stuck on, but it failed at creating the
client with this error:
DEBUG The ipa-client-install command failed, exception: KerberosError:
No valid Negotiate header in server response
2021-10-11T09:32:49Z ERROR No valid Negotiate header in server response
I've found a few posts online with errors similar to this in 2019 (one
"solution" supposedly posted on RedHat's site that I don't have access
to). But, I haven't figured this one out yet. Perhaps you already
know how to fix this one.
-Spencer
More information about the Pkg-freeipa-devel
mailing list