[Freeipa-users] Web UI login fails after upgrading to 4.5

Marius Bjørnstad via FreeIPA-users Thu, 05 Oct 2017 03:06:43 -0700

Hi all,

After I upgraded to FreeIPA 4.5 (on CentOS 7), I get an error "Login failed due 
to an unknown reason" on the web UI, no matter if I use the admin user or my 
personal user. From what I can tell, all the ipa commands work fine on the 
command line, and kinit also works fine.


I have included some output from /var/log/httpd/error_log below.  It would be 
great if someone could make a guess (or better) at what is going wrong, or 
which logs to look at, etc. 

When I run the command in the CalledProcessError, I get a password prompt for 
WELLKNOWN/anonym...@ous.nsc.LOCAL (the second part is the realm name). 

Thanks,
Marius

[Thu Oct 05 11:36:34.898930 2017] [core:notice] [pid 7417] SELinux policy 
enabled; httpd running as context system_u:system_r:httpd_t:s0
[Thu Oct 05 11:36:34.899649 2017] [suexec:notice] [pid 7417] AH01232: suEXEC 
mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 05 11:36:34.899669 2017] [:warn] [pid 7417] NSSSessionCacheTimeout is 
deprecated. Ignoring.
[Thu Oct 05 11:36:35.065273 2017] [auth_digest:notice] [pid 7417] AH01757: 
generating secret for digest authentication ...
[Thu Oct 05 11:36:35.065933 2017] [lbmethod_heartbeat:notice] [pid 7417] 
AH02282: No slotmem from mod_heartmonitor
[Thu Oct 05 11:36:35.065947 2017] [:warn] [pid 7417] NSSSessionCacheTimeout is 
deprecated. Ignoring.
[Thu Oct 05 11:36:35.100828 2017] [mpm_prefork:notice] [pid 7417] AH00163: 
Apache/2.4.6 (CentOS) mod_auth_gssapi/1.5.1 mod_nss/1.0.14 NSS/3.28.4 
PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Thu Oct 05 11:36:35.100849 2017] [core:notice] [pid 7417] AH00094: Command 
line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Oct 05 11:36:36.676629 2017] [:error] [pid 7424] ipa: INFO: *** PROCESS 
START ***
[Thu Oct 05 11:36:36.695362 2017] [:error] [pid 7425] ipa: INFO: *** PROCESS 
START ***

--- login attempt performed now ---

[Thu Oct 05 11:36:38.504718 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
mod_wsgi (pid=7424): Exception occurred processing WSGI script 
'/usr/share/ipa/wsgi.py'.
[Thu Oct 05 11:36:38.504758 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
Traceback (most recent call last):
[Thu Oct 05 11:36:38.504776 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/share/ipa/wsgi.py", line 51, in application
[Thu Oct 05 11:36:38.504845 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    return api.Backend.wsgi_dispatch(environ, start_response)
[Thu Oct 05 11:36:38.504855 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in 
__call__
[Thu Oct 05 11:36:38.505045 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    return self.route(environ, start_response)
[Thu Oct 05 11:36:38.505054 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in 
route
[Thu Oct 05 11:36:38.505067 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    return app(environ, start_response)
[Thu Oct 05 11:36:38.505072 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 929, in 
__call__
[Thu Oct 05 11:36:38.505079 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    self.kinit(user_principal, password, ipa_ccache_name)
[Thu Oct 05 11:36:38.505083 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 965, in 
kinit
[Thu Oct 05 11:36:38.505089 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    pkinit_anchors=[paths.KDC_CERT, paths.KDC_CA_BUNDLE_PEM],
[Thu Oct 05 11:36:38.505094 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 125, in 
kinit_armor
[Thu Oct 05 11:36:38.505135 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    run(args, env=env, raiseonerr=True, capture_error=True)
[Thu Oct 05 11:36:38.505143 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 511, in run
[Thu Oct 05 11:36:38.505346 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
    raise CalledProcessError(p.returncode, arg_string, str(output))
[Thu Oct 05 11:36:38.505372 2017] [:error] [pid 7424] [remote 192.168.1.48:244] 
CalledProcessError: Command '/usr/bin/kinit -n -c 
/var/run/ipa/ccaches/armor_7424 -X 
X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X 
X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem' returned non-zero 
exit status 1



_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] Web UI login fails after upgrading to 4.5

Reply via email to