admin-serv error log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff Gamsby wrote:
>
> Jeff Gamsby
> Center for X-Ray Optics
> Lawrence Berkeley National Laboratory
> (510) 486-7783
>
>
>
> Richard Megginson wrote:
>> Jeff Gamsby wrote:
>>>
>>>
>>> Richard Megginson wrote:
>>>> Jeff Gamsby wrote:
>>>>>
>>>>> I am having a hard time getting the admin console to work in ssl 
>>>>> mode. I get this "notice" error in the admin serv logs, is it a 
>>>>> cause for concern? As far as I know, everything is setup correctly.
>>>>>
>>>>> [notice] [client xxx.xxx.xxx.xxx] admserv_host_ip_check: 
>>>>> ap_get_remote_host could not resolve xxx.xxx.xxx.xxx
>>>> This usually means reverse DNS is not working.
>>>>>
>>>>> I have created the certificates,
>>>> Following the SSL howto at 
>>>> http://directory.fedora.redhat.com/wiki/Howto:SSL ?
>>>
>>> Yes, but instead of creating an admin-serv-<serverID>- I copied the 
>>> slapd-<serverID>- cert db's over.
>>> It is true that I can use these same certs?
>> I think so, but I've never tried it that way.
>>>
>>> I tried creating the admin certs db's seperately and importing the 
>>> CA cert, but that did't work either.
>>>
>>> I had this working a few weeks ago, I'm not sure what has changed.
>> What, if anything, has changed?
> I blew away the server and started over. When I had password sync 
> problems with AD, I reinstalled the server several times. Each time I 
> reinstall, I delete the /opt/fedora-ds directory.
>
> I don't really care about the admin console in SSL mode, I can use the 
> Linux console or X, but I need the Sync agreements to run SSL in both 
> directions, and so far, the only way I been able to establish that is 
> when the admin console is in SSL mode. Unless there is another way.
Well, one thing is that if you recreate the CA cert you'll need to copy 
that CA cert to all clients who use it.

You can use ldapsearch to verify the LDAPS connections to the SSL 
enabled directory servers (FDS and AD).

Someone recently published steps to make windows sync work both ways 
with SSL to the fds users email list.  Check the archives.  I think 
someone was going to update the wiki with this information.
>>>
>>>>> then copied the slapd-<server>-* files to admin-serv-*, then tried 
>>>>> to enable SSL in the admin console. I have followed the directions 
>>>>> from "Managing SSL and SASL" but I get the error "Invalid LDAP 
>>>>> Host/IP, could not connect to server in secure mode" when I change 
>>>>> to secure mode in the "User DS" tab.
>>>> This error is from the console?  Try using startconsole -D
>>> Using this method I get this error:
>>>
>>> validateLDAPParams netscape.ldap.LDAPException: 
>>> JSSSocketFactory.makeSocket fds.server.example.com:636, 
>>> SSL_ForceHandshake failed: (-8054) Unknown error (91); Cannot 
>>> connect to the LDAP server
>>>>>
>>>>> Any suggestions?
>>>>>
>>>>> Thanks,
>>>>> Jeff
>>>>>
>>>>> -- 
>>>>> Fedora-directory-users mailing list
>>>>> Fedora-directory-users at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>> -- 
>>>> Fedora-directory-users mailing list
>>>> Fedora-directory-users at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>>   
>>>
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> ------------------------------------------------------------------------
>>
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>   
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060620/19ed29ca/attachment.bin 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux