[Freeipa-users] sudden ipa errors.

Lager, Nathan T. lagern at lafayette.edu
Thu Sep 20 11:24:21 UTC 2012 

----- Original Message -----
> From: "Rob Crittenden" <rcritten at redhat.com>
> To: "Nathan Lager" <lagern at lafayette.edu>
> Cc: freeipa-users at redhat.com
> Sent: Wednesday, September 19, 2012 4:35:30 PM
> Subject: Re: [Freeipa-users] sudden ipa errors.
> Nathan Lager wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > On 09/19/2012 03:47 PM, Rob Crittenden wrote:
> >> Dmitri Pal wrote:
> >>>
> >>> Rob, keytab and kerberos part seems to be fine, ldap works too.
> >>> Can it be one of the certs? May be some cert expired?
> >>
> >> No, the error is coming from GSSAPI, it is unfortunately
> >> completely useless. I think we've pretty well narrowed down the
> >> problem to httpd/mod_auth_kerb but I don't know yet if this is a
> >> configuration issue or a bug.
> >>
> >> Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?
> > Sure, as far as I know its completely stock, aside from the krb
> > password auth change.
> 
> Yup, configuration looks fine.
> 
> Ok, let's eliminate the ipa tool as the problem and try curl:
> 
> Create a file test.json with these contents:
> 
> {"method":"batch","params":[[
> {"method":"user_show","params":[["admin"],{"all":false}]}
> ],{}],"id":1}
> 
> then run this:
> 
> curl -H "Content-Type:application/json" -H "Accept:application/json"
> -H
> "Accept-Language:en" -H "Referer:
> https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert
> /etc/ipa/ca.crt -d @test.json -X POST
> https://caroline0.lafayette.edu/ipa/json
> 
Seems to be running into the same trouble.

[lagern at caroline0 PROD ~]$ curl -H "Content-Type:application/json" -H "Accept:application/json" -H "Accept-Language:en" -H "Referer: https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert /etc/ipa/ca.crt -d  @test.json -X POST https://caroline0.lafayette.edu/ipa/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
 root at localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at caroline0.lafayette.edu Port 443</address>
</body></html>



> This does the equivalent of an: ipa user-show admin
> 
> rob

More information about the Freeipa-users mailing list