Re: check hostname option

Rich,

I'm running on Ubuntu. Pretty much the same.

test environment:
dpkg -l | grep -i nss
ii  libnss3                             3.13.1.with.ckbi.1.88-1ubuntu6 Network Security Service libraries
ii  libnss3-1d                          3.13.1.with.ckbi.1.88-1ubuntu6 Network Security Service libraries
ii  libnss3-dev                         3.13.1.with.ckbi.1.88-1ubuntu6 Development files for the Network Security Service libraries

production environment:
dpkg -l | grep -i nss
ii  libnss3                              3.13.1.with.ckbi.1.88-1ubuntu6  Network Security Service libraries
ii  libnss3-1d                           3.13.1.with.ckbi.1.88-1ubuntu6  Network Security Service libraries
ii  libnss3-dev                          3.13.1.with.ckbi.1.88-1ubuntu6  Development files for the Network Security Service libraries


and mod_nss-1.0.8 on both.


On Thu, Dec 5, 2013 at 3:18 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
On 12/05/2013 10:12 AM, Alberto Viana wrote:
I have 2 389 running (389-Directory/1.3.2.6 and 389-Directory/1.3.1.3) with multiple master configuration.

When I set the option "check hostname against name in certificate for outbound SSL connections" the agreement does not work and shows me this error:

[05/Dec/2013:14:35:55 -0200] slapi_ldap_bind - Error: could not send bind request for id [uid=app.389.w,cn=config] authentication mechanism [SIMPLE]: error -1 (Can't contact LDAP server), system error -5987 (Invalid function argument.), network error 115 (Operation now in progress, host "hmg2.homolog.rnp")
[05/Dec/2013:14:35:55 -0200] NSMMReplicationPlugin - agmt="cn=389-HMG2" (hmg2:636): Replication bind with SIMPLE auth failed: LDAP error -1 (Can't contact LDAP server) ((unknown error code))


When I unset the option, everything works as expected.

Here's the subject of my certificates:
Subject: C=BR, ST=Rio de Janeiro, L=Rio de Janeiro, O=Rede Nacional de Ensino e Pesquisa, OU=GTI, CN=hmg3.homolog.rnp

Subject: C=BR, ST=Rio de Janeiro, L=Rio de Janeiro, O=Rede Nacional de Ensino e Pesquisa, OU=GTI, CN=hmg2.homolog.rnp

My DNS is configured correctly (the reverse too).

In my production environment this option works fine, but it's a little bit old (389-Directory/1.2.10.12)

What version of NSS do you have in your production environment?
What version of NSS do you have in your test environment?

rpm -q nss

Any clues?


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

