Peter Zoltan Keresztes (zozo) via FreeIPA-users wrote:
The service is up and running. I am able to access it via cli. Apache
is also running. There is not yet firewall installed on the server. This is what I can now
see in the apache access and error logs:
==> apache2/error.log <==
[Thu Jun 20 17:35:14.632329 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] mod_wsgi (pid=13793): Exception occurred processing WSGI script
'/usr/share/ipa/wsgi.py'.
[Thu Jun 20 17:35:14.632554 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] Traceback (most recent call last):
[Thu Jun 20 17:35:14.632698 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File "/usr/share/ipa/wsgi.py", line 57, in application
[Thu Jun 20 17:35:14.632874 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] return api.Backend.wsgi_dispatch(environ, start_response)
[Thu Jun 20 17:35:14.632944 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 265, in
__call__
[Thu Jun 20 17:35:14.632984 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] return self.route(environ, start_response)
[Thu Jun 20 17:35:14.633004 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 277, in route
[Thu Jun 20 17:35:14.633056 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] return app(environ, start_response)
[Thu Jun 20 17:35:14.633092 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 935, in
__call__
[Thu Jun 20 17:35:14.633135 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] self.kinit(user_principal, password, ipa_ccache_name)
[Thu Jun 20 17:35:14.633157 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipaserver/rpcserver.py", line 971, in kinit
[Thu Jun 20 17:35:14.633191 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM],
[Thu Jun 20 17:35:14.633214 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipalib/install/kinit.py", line 125, in
kinit_armor
[Thu Jun 20 17:35:14.633294 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] run(args, env=env, raiseonerr=True, capture_error=True)
[Thu Jun 20 17:35:14.633330 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] File
"/usr/lib/python2.7/dist-packages/ipapython/ipautil.py", line 572, in run
[Thu Jun 20 17:35:14.633375 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] p.returncode, arg_string, output_log, error_log
[Thu Jun 20 17:35:14.633554 2019] [wsgi:error] [pid 13793:tid 139866363823872] [remote
79.119.170.85:50987] CalledProcessError: CalledProcessError(Command
['/usr/bin/kinit', '-n', '-c',
'/var/run/ipa/ccaches/armor_13793', '-X',
'X509_anchors=FILE:/var/lib/krb5kdc/kdc.crt', '-X',
'X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem'] returned non-zero
exit status 1: "kinit: Pre-authentication failed: Cannot open file
'/var/lib/krb5kdc/kdc.crt': Permission denied while getting initial
credentials\\n")
So does that file exist and is it readable? What is confusing is on
Debian-based systems it looks like that should be
/var/lib/iap/certs/kdc.crt.
I'd suggest looking closely at /var/log/ipaserver-install.log and
/var/log/ipaclient-install.log to be sure that both were successful. If
not then you have a partial install and will likely continue to run into
issues like this.
rob
==> apache2/access.log <==
79.119.170.85 - - [20/Jun/2019:17:35:14 -0400] "POST /ipa/session/login_password
HTTP/1.1" 500 1221 "https://ipadev.redcapcloud.com/ipa/ui/"
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Firefox/52.0
SeaMonkey/2.49.4”
> On 21 Jun 2019, at 00:32, John Keates <john(a)keates.nl> wrote:
>
> Start at the beginning:
>
> - Is the install running? (ipactl status)
> - Is apache listening (ss -l or netstar -l or systemctl status
apache2/httpd/apache/whatverthenameis)
> - Is the firewall letting you in?
> - What does /var/log/apache2 or /var/log/httpd or whatever it’s configured to log to
say?
>
> John
>
>> On 20 Jun 2019, at 23:30, Peter Zoltan Keresztes (zozo) via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
>>
>> Hello,
>>
>> I have just installed the new freeipa on ubuntu18.04 and I am trying to login as
admin in the web ui but I am not able to do it so. I was looking for any kind of logs but
I don’t seam to find a way to debug the problem
>> Any suggestion where to start looking?
>>
>> Regards
>> Peter
>> _______________________________________________
>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
>> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...