Yep, all services are running. This is from the Apache error log,
right after login and trying to load the Users page:
[Mon Jul 22 10:12:35.083278 2019] [:error] [pid 14474] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Mon Jul 22 10:12:35.083381 2019] [:error] [pid 14474] ipa: DEBUG: WSGI
login_password.__call__:
[Mon Jul 22 10:12:35.083996 2019] [:error] [pid 14474] ipa: DEBUG: Obtaining armor in
ccache /var/run/ipa/ccaches/armor_14474
[Mon Jul 22 10:12:35.084074 2019] [:error] [pid 14474] ipa: DEBUG: Initializing anonymous
ccache
[Mon Jul 22 10:12:35.084211 2019] [:error] [pid 14474] ipa: DEBUG: Starting external
process
[Mon Jul 22 10:12:35.084261 2019] [:error] [pid 14474] ipa: DEBUG: args=/usr/bin/kinit -n
-c /var/run/ipa/ccaches/armor_14474 -X X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X
X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
[Mon Jul 22 10:12:35.135499 2019] [:error] [pid 14474] ipa: DEBUG: Process finished,
return code=0
[Mon Jul 22 10:12:35.135593 2019] [:error] [pid 14474] ipa: DEBUG: stdout=
[Mon Jul 22 10:12:35.135638 2019] [:error] [pid 14474] ipa: DEBUG: stderr=
[Mon Jul 22 10:12:35.135866 2019] [:error] [pid 14474] ipa: DEBUG: Initializing principal
admin using password
[Mon Jul 22 10:12:35.135925 2019] [:error] [pid 14474] ipa: DEBUG: Using armor ccache
/var/run/ipa/ccaches/armor_14474 for FAST webauth
[Mon Jul 22 10:12:35.135968 2019] [:error] [pid 14474] ipa: DEBUG: Using enterprise
principal
[Mon Jul 22 10:12:35.136067 2019] [:error] [pid 14474] ipa: DEBUG: Starting external
process
[Mon Jul 22 10:12:35.136112 2019] [:error] [pid 14474] ipa: DEBUG: args=/usr/bin/kinit
admin -c /var/run/ipa/ccaches/kinit_14474 -T /var/run/ipa/ccaches/armor_14474 -E
[Mon Jul 22 10:12:35.163806 2019] [:error] [pid 14474] ipa: DEBUG: Process finished,
return code=0
[Mon Jul 22 10:12:35.163895 2019] [:error] [pid 14474] ipa: DEBUG: stdout=Password for
admin(a)DOMAIN.NZ:
[Mon Jul 22 10:12:35.163903 2019] [:error] [pid 14474]
[Mon Jul 22 10:12:35.163942 2019] [:error] [pid 14474] ipa: DEBUG: stderr=
[Mon Jul 22 10:12:35.164042 2019] [:error] [pid 14474] ipa: DEBUG: Cleanup the armor
ccache
[Mon Jul 22 10:12:35.164154 2019] [:error] [pid 14474] ipa: DEBUG: Starting external
process
[Mon Jul 22 10:12:35.164198 2019] [:error] [pid 14474] ipa: DEBUG: args=/usr/bin/kdestroy
-A -c /var/run/ipa/ccaches/armor_14474
[Mon Jul 22 10:12:35.172420 2019] [:error] [pid 14474] ipa: DEBUG: Process finished,
return code=0
[Mon Jul 22 10:12:35.172516 2019] [:error] [pid 14474] ipa: DEBUG: stdout=
[Mon Jul 22 10:12:35.172565 2019] [:error] [pid 14474] ipa: DEBUG: stderr=
[Mon Jul 22 10:12:35.189068 2019] [:error] [pid 14474] ipa: INFO: Starting new HTTP
connection (1): intauth-e.domain.nz
[Mon Jul 22 10:12:35.190276 2019] [:error] [pid 14474] ipa: DEBUG: "GET
/ipa/session/cookie HTTP/1.1" 301 259
[Mon Jul 22 10:12:35.192124 2019] [:error] [pid 14474] ipa: INFO: Starting new HTTPS
connection (1): intauth-e.domain.nz
[Mon Jul 22 10:12:35.214459 2019] [:error] [pid 14474] ipa: DEBUG: "GET
/ipa/session/cookie HTTP/1.1" 200 0
[Mon Jul 22 10:12:35.708087 2019] [:error] [pid 14475] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Mon Jul 22 10:12:35.708190 2019] [:error] [pid 14475] ipa: DEBUG: WSGI
jsonserver_session.__call__:
[Mon Jul 22 10:12:35.722673 2019] [:error] [pid 14475] ipa: DEBUG: Created connection
context.ldap2_140655759869968
[Mon Jul 22 10:12:35.722743 2019] [:error] [pid 14475] ipa: DEBUG: WSGI
jsonserver.__call__:
[Mon Jul 22 10:12:35.722798 2019] [:error] [pid 14475] ipa: DEBUG: WSGI
WSGIExecutioner.__call__:
[Mon Jul 22 10:12:35.732842 2019] [:error] [pid 14475] ipa: DEBUG: raw:
user_find(u'', sizelimit=0, version=u'2.230', pkey_only=True)
[Mon Jul 22 10:12:35.733197 2019] [:error] [pid 14475] ipa: DEBUG: user_find(None,
sizelimit=0, whoami=False, all=False, raw=False, version=u'2.230',
no_members=True, pkey_only=True)
[Mon Jul 22 10:12:35.735792 2019] [:error] [pid 14475] ipa: DEBUG: retrieving schema for
SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-NZ.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fecf7febcb0>
[Mon Jul 22 10:12:35.963886 2019] [:warn] [pid 14478] [client 10.0.201.253:18606] failed
to set perms (3140) on file (/var/run/ipa/ccaches/admin(a)DOMAIN.NZ)!, referer:
https://intauth-e.domain.nz/ipa/ui/
[Mon Jul 22 10:12:35.964864 2019] [:error] [pid 14473] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Mon Jul 22 10:12:35.964951 2019] [:error] [pid 14473] ipa: DEBUG: WSGI
jsonserver_session.__call__:
[Mon Jul 22 10:12:35.975471 2019] [:error] [pid 14473] ipa: DEBUG: Created connection
context.ldap2_140655759869968
[Mon Jul 22 10:12:35.975538 2019] [:error] [pid 14473] ipa: DEBUG: WSGI
jsonserver.__call__:
[Mon Jul 22 10:12:35.975597 2019] [:error] [pid 14473] ipa: DEBUG: WSGI
WSGIExecutioner.__call__:
[Mon Jul 22 10:12:35.985387 2019] [:error] [pid 14473] ipa: DEBUG: raw:
user_find(u'', sizelimit=0, version=u'2.230', pkey_only=True)
[Mon Jul 22 10:12:35.985762 2019] [:error] [pid 14473] ipa: DEBUG: user_find(None,
sizelimit=0, whoami=False, all=False, raw=False, version=u'2.230',
no_members=True, pkey_only=True)
[Mon Jul 22 10:12:35.988056 2019] [:error] [pid 14473] ipa: DEBUG: retrieving schema for
SchemaCache url=ldapi://%2fvar%2frun%2fslapd-DOMAIN-NZ.socket
conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fecf7febcb0>
[Mon Jul 22 10:12:36.021489 2019] [:error] [pid 14475] ipa: INFO: [jsonserver_session]
admin(a)DOMAIN.NZ: user_find(u'', sizelimit=0, version=u'2.230',
pkey_only=True): SUCCESS
[Mon Jul 22 10:12:36.022673 2019] [:error] [pid 14475] ipa: DEBUG: Destroyed connection
context.ldap2_140655759869968
[Mon Jul 22 10:12:36.272817 2019] [:error] [pid 14473] ipa: INFO: [jsonserver_session]
admin(a)DOMAIN.NZ: user_find(u'', sizelimit=0, version=u'2.230',
pkey_only=True): SUCCESS
[Mon Jul 22 10:12:36.273918 2019] [:error] [pid 14473] ipa: DEBUG: Destroyed connection
context.ldap2_140655759869968
[Mon Jul 22 10:14:03.993422 2019] [:error] [pid 14477] SSL Library Error: -12195 Peer
does not recognize and trust the CA that issued your certificate
The certificate is same self-signed certificate that was created during installation by
the installer.
Though it's only a warning, I temporarily set 777 perms on this file
"/var/run/ipa/ccaches/admin(a)DOMAIN.NZ" to see if it would help. It didn't.
The file is updated frequently anyway (owned by ipaapi) so I think that warning is a red
herring.
I think the certificate error might be a red herring. The other requests
look like they are working fine. You could double-check this by trying
again on a quiet system to confirm that no errors are thrown.
I looked at the client side you had provided earlier and it failed with
a CCacheError. Had you done a kinit beforehand? The above shows requests
coming in, can you show the client-side for this?
rob