After install FreeIPA server - ipa: WARNING: Failed to read schema: [Errno 13] Permission denied...
I tried to install the FreeIPA server as suggested here: https://computingforgeeks.com/install-and-configure-freeipa-server-on-ubuntu...
It seems to be all right:
:~$ kinit admin ---- > Ok
:~$ klist Ticket cache: KEYRING:persistent:1000:1000 Default principal: admin@TEST.BED
Valid starting Expires Service principal 01/20/2020 10:50:10 01/21/2020 10:49:19 HTTP/master1.test.bed@TEST.BED 01/20/2020 10:49:24 01/21/2020 10:49:19 krbtgt/TEST.BED@TEST.BED
but the command ipa-user-find return:
:~$ ipa-user-find admin ipa: WARNING: Failed to read schema: [Errno 13] Permission denied: u'/home/bed/.cache/ipa/schema/1/84c19d36' ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/home/bed/.cache/ipa/schema/1/84c19d36mC4GkY' ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: u'/home/bed/.cache/ipa/servers/master1.test.bed' -------------- 1 user matched -------------- User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin@TEST.BED UID: 1382000000 GID: 1382000000 Account disabled: False ---------------------------- Number of entries returned 1 ----------------------------
If I try to login with the web interface this is answer: "Login failed due to an unknown reason" (browser configured with certificate)
The user "bed" is the sudoer user created during linux server installation, and is the only one at FreeIPA server install time
Any advice? Thanks B-)
On 1/21/20 10:46 AM, Bedrosian Baol via FreeIPA-users wrote:
I tried to install the FreeIPA server as suggested here: https://computingforgeeks.com/install-and-configure-freeipa-server-on-ubuntu...
It seems to be all right:
:~$ kinit admin ---- > Ok
:~$ klist Ticket cache: KEYRING:persistent:1000:1000 Default principal: admin@TEST.BED
Valid starting Expires Service principal 01/20/2020 10:50:10 01/21/2020 10:49:19 HTTP/master1.test.bed@TEST.BED 01/20/2020 10:49:24 01/21/2020 10:49:19 krbtgt/TEST.BED@TEST.BED
but the command ipa-user-find return:
:~$ ipa-user-find admin ipa: WARNING: Failed to read schema: [Errno 13] Permission denied: u'/home/bed/.cache/ipa/schema/1/84c19d36' ipa: WARNING: Failed to write schema: [Errno 13] Permission denied: '/home/bed/.cache/ipa/schema/1/84c19d36mC4GkY' ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: u'/home/bed/.cache/ipa/servers/master1.test.bed'
Hi,
All the ipa * commands are using a cache located in the user's home directory. Can you check the permissions on the directories/files mentioned in the above error message? You may also need to check the owner and the selinux context. Basically, the "bed" user needs read and write access.
flo
1 user matched
User login: admin Last name: Administrator Home directory: /home/admin Login shell: /bin/bash Principal alias: admin@TEST.BED UID: 1382000000 GID: 1382000000 Account disabled: False
Number of entries returned 1
If I try to login with the web interface this is answer: "Login failed due to an unknown reason" (browser configured with certificate)
The user "bed" is the sudoer user created during linux server installation, and is the only one at FreeIPA server install time
Any advice? Thanks B-) _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Thank's for reply
This are the results:
:$ ls -la /home/bed/.cache/ total 12 drwx------ 3 bed bed 4096 Jan 20 11:42 . drwxr-xr-x 6 bed bed 4096 Jan 21 18:13 .. drwxr-xr-x 4 root root 4096 Jan 20 11:42 ipa -rw-r--r-- 1 bed bed 0 Jan 8 12:10 motd.legal-displayed :$
and
$ ls -la /home/bed/.cache/ipa/schema/1/84c19d36 -rw------- 1 root root 434806 Jan 20 11:42 /home/bed/.cache/ipa/schema/1/84c19d36
then I have execute:
$ sudo find /home/bed/.cache/ -type d -exec chmod 755 {} ; $ sudo find /home/bed/.cache/ -type f -exec chmod 644 {} ;
now the command: ipa user-find admin only one Warning:
ipa: WARNING: Failed to write server info: [Errno 13] Permission denied: u'/home/bed/.cache/ipa/servers/master1.test.bed'
then I've change the owner:
$ sudo chown bed /home/bed/.cache/ipa/servers/master1.test.bed
after this, even the last warning no longer occurred
Now the question about the web access interface problem:
as suggested by many:
$ sudo chmod a+x /var/lib/krb5kdc
resolve the problem.
Thanks a lot!
B.
freeipa-users@lists.fedorahosted.org
-
Bedrosian Baol -
Florence Blanc-Renaud