I'm in the middle of standing up some new replicas and retiring some old ones. I've got 4 new replicas that appear to be working except I can't login to the web interface on three of them. Thought I had gone through the installation in the same way on all four but can't login on three. Is this something that's known with a fairly quick and easy fix?
Stephen Berg, Code 7309 via FreeIPA-users wrote:
I'm in the middle of standing up some new replicas and retiring some old ones. I've got 4 new replicas that appear to be working except I can't login to the web interface on three of them. Thought I had gone through the installation in the same way on all four but can't login on three. Is this something that's known with a fairly quick and easy fix?
We're going to need a bit more information. What do you see when it doesn't log in? Does the cli work? (ipa user-show admin) What is logged in /var/log/httpd/error_log?
rob
On 11/17/2021 9:11 AM, Rob Crittenden wrote:
Stephen Berg, Code 7309 via FreeIPA-users wrote:
I'm in the middle of standing up some new replicas and retiring some old ones. I've got 4 new replicas that appear to be working except I can't login to the web interface on three of them. Thought I had gone through the installation in the same way on all four but can't login on three. Is this something that's known with a fairly quick and easy fix?
We're going to need a bit more information. What do you see when it doesn't log in? Does the cli work? (ipa user-show admin) What is logged in /var/log/httpd/error_log?
rob
I was busy collecting more info and hit send by mistake.
All five servers are Rocky Linux 8.5, ipa-server is 4.9.6-6 on all. One of them is an older server destined to be retired soon. Two of the new replicas are not letting me login using my user credentials or the admin account. The other 3 work just fine. The only error in the browser is "Login failed due to an unknown reason"
/var/log/httpd/errors.log: [Wed Nov 17 09:16:38.765186 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] mod_wsgi (pid=4271): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Wed Nov 17 09:16:38.765863 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] Traceback (most recent call last): [Wed Nov 17 09:16:38.765894 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/wsgi.py", line 71, in application [Wed Nov 17 09:16:38.765898 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] return api.Backend.wsgi_dispatch(environ, start_response) [Wed Nov 17 09:16:38.765901 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 301, in __call__ [Wed Nov 17 09:16:38.765903 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] return self.route(environ, start_response) [Wed Nov 17 09:16:38.765906 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 313, in route [Wed Nov 17 09:16:38.765909 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] return app(environ, start_response) [Wed Nov 17 09:16:38.765911 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 1065, in __call__ [Wed Nov 17 09:16:38.765913 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] ipa_ccache_name, use_armor=True) [Wed Nov 17 09:16:38.765916 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 995, in attempt_kinit [Wed Nov 17 09:16:38.765918 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] ipa_ccache_name, use_armor=use_armor) [Wed Nov 17 09:16:38.765921 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 1094, in kinit [Wed Nov 17 09:16:38.765923 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM], [Wed Nov 17 09:16:38.765926 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipalib/install/kinit.py", line 129, in kinit_armor [Wed Nov 17 09:16:38.765929 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] run(args, env=env, raiseonerr=True, capture_error=True) [Wed Nov 17 09:16:38.765932 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] File "/usr/lib/python3.6/site-packages/ipapython/ipautil.py", line 599, in run [Wed Nov 17 09:16:38.765934 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] p.returncode, arg_string, output_log, error_log [Wed Nov 17 09:16:38.765950 2021] [wsgi:error] [pid 4271:tid 139952266512128] [remote <IP>:63604] ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/usr/bin/kinit', '-n', '-c', '/run/ipa/ccaches/armor_4271', '-X', 'X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt', '-X', 'X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem'] returned non-zero exit status 1: 'kinit: Cannot read password while getting initial credentials\n')
freeipa-users@lists.fedorahosted.org
-
Rob Crittenden -
Stephen Berg, Code 7309