Hi, we just upgraded one of our FreeIPA 4.4 to FreeIPA 4.5 (running on RHEL) 
and wanted to put this here before creating a bug report with RedHat. 

After upgrading we are unable to log into web-ui but everything else seems to 
be working OK. 

WBR-UI gives us an: "Login failed due to an unknown reason" 

I see this in the httpd error log: 

[Mon Aug 07 15:27:55.404965 2017] [:error] [pid 1963] [remote] 
mod_wsgi (pid=1963): Exception occurred processing WSGI script 
[Mon Aug 07 15:27:55.405090 2017] [:error] [pid 1963] [remote] 
Traceback (most recent call last): 
[Mon Aug 07 15:27:55.405155 2017] [:error] [pid 1963] [remote] 
File "/usr/share/ipa/wsgi.py", line 51, in application 
[Mon Aug 07 15:27:55.405341 2017] [:error] [pid 1963] [remote] 
return api.Backend.wsgi_dispatch(environ, start_response) 
[Mon Aug 07 15:27:55.405384 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in 
[Mon Aug 07 15:27:55.405985 2017] [:error] [pid 1963] [remote] 
return self.route(environ, start_response) 
[Mon Aug 07 15:27:55.406040 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in 
[Mon Aug 07 15:27:55.406097 2017] [:error] [pid 1963] [remote] 
return app(environ, start_response) 
[Mon Aug 07 15:27:55.406127 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 929, in 
[Mon Aug 07 15:27:55.406153 2017] [:error] [pid 1963] [remote] 
self.kinit(user_principal, password, ipa_ccache_name) 
[Mon Aug 07 15:27:55.406178 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 965, in 
[Mon Aug 07 15:27:55.406200 2017] [:error] [pid 1963] [remote] 
pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM], 
[Mon Aug 07 15:27:55.406218 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 125, in 
[Mon Aug 07 15:27:55.406368 2017] [:error] [pid 1963] [remote] 
run(args, env=env, raiseonerr=True, capture_error=True) 
[Mon Aug 07 15:27:55.406402 2017] [:error] [pid 1963] [remote] 
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 511, in run 
[Mon Aug 07 15:27:55.407040 2017] [:error] [pid 1963] [remote] 
raise CalledProcessError(p.returncode, arg_string, str(output)) 
[Mon Aug 07 15:27:55.407135 2017] [:error] [pid 1963] [remote] 
CalledProcessError: Command '/usr/bin/kinit -n -c 
/var/run/ipa/ccaches/armor_1963 -X 
X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X 
X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem' returned non-zero 
exit status 1 

Natually, first thing I tried was disabling SELinux, and reboot, but same 

IPA is version: ipa-server-4.5.0-21.el7.x86_64 
(replica being latest 4.4 on RHEL but not sure we dare updating this). 

Problem seems much like this: 
But Again, not entirely and that seemes SELinux related and things doesn't 
seems to be SELinux related here. 

Also, trying the kinit listed in the error log asks for password. I suspect 
that this should succeed? 

/usr/bin/kinit -n -c /var/run/ipa/ccaches/armor_1982 -X 
X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X 
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to