
Re: [Freeipa-users] sudden ipa errors.

Lager, Nathan T. wrote:

----- Original Message -----
From: "Rob Crittenden" <rcritten redhat com>
To: "Nathan Lager" <lagern lafayette edu>
Cc: freeipa-users redhat com
Sent: Wednesday, September 19, 2012 4:35:30 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Nathan Lager wrote:

On 09/19/2012 03:47 PM, Rob Crittenden wrote:
Dmitri Pal wrote:

Rob, keytab and kerberos part seems to be fine, ldap works too.
Can it be one of the certs? Maybe some cert expired?

No, the error is coming from GSSAPI, it is unfortunately
completely useless. I think we've pretty well narrowed down the
problem to httpd/mod_auth_kerb but I don't know yet if this is a
configuration issue or a bug.

Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?

Sure, as far as I know it's completely stock, aside from the krb
password auth change.

Yup, configuration looks fine.

Ok, let's eliminate the ipa tool as the problem and try curl:

Create a file test.json with these contents:


then run this:

curl -H "Content-Type:application/json" -H "Accept:application/json" \
  -H "Accept-Language:en" \
  -H "Referer: https://caroline0.lafayette.edu/ipa/xml" \
  --negotiate -u : --cacert /etc/ipa/ca.crt -d @test.json -X POST \
  https://caroline0.lafayette.edu/ipa/json

Seems to be running into the same trouble.

[lagern caroline0 PROD ~]$ curl -H "Content-Type:application/json" -H "Accept:application/json" -H "Accept-Language:en" -H "Referer: https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert /etc/ipa/ca.crt -d  @test.json -X POST https://caroline0.lafayette.edu/ipa/json
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator,
  root localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<address>Apache/2.2.15 (Red Hat) Server at caroline0.lafayette.edu Port 443</address>

Ok, need to gather some more info:

# kvno HTTP/caroline0.lafayette.edu
# klist -kt /etc/httpd/conf/ipa.keytab

