On 27 October 2017 at 10:32, Lachlan Musicman <data...@gmail.com> wrote:

> On 27 October 2017 at 07:38, Rob Crittenden <rcrit...@redhat.com> wrote:
>
>> Lachlan Musicman via FreeIPA-users wrote:
>> >
>> > When I look at the ID Views in the interface, I get an "IPA Error 903:
>> > InternalError".
>>
>> See /var/log/httpd/error_log for details, there may be a python backtrace.
>>
>
> Sure do!
>
> [Thu Oct 26 12:57:25.413102 2017] [:error] [pid 1316] ipa: ERROR:
> non-public: RuntimeError: Unable to load file /usr/share/ipa/smb.conf.empty
> [Thu Oct 26 12:57:25.413118 2017] [:error] [pid 1316] Traceback (most
> recent call last):
> [Thu Oct 26 12:57:25.413121 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 367, in
> wsgi_execute
> [Thu Oct 26 12:57:25.413124 2017] [:error] [pid 1316]     result =
> command(*args, **options)
> [Thu Oct 26 12:57:25.413126 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in
> __call__
> [Thu Oct 26 12:57:25.413128 2017] [:error] [pid 1316]     return
> self.__do_call(*args, **options)
> [Thu Oct 26 12:57:25.413130 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in
> __do_call
> [Thu Oct 26 12:57:25.413133 2017] [:error] [pid 1316]     ret =
> self.run(*args, **options)
> [Thu Oct 26 12:57:25.413135 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
> [Thu Oct 26 12:57:25.413137 2017] [:error] [pid 1316]     return
> self.execute(*args, **options)
> [Thu Oct 26 12:57:25.413139 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/baseldap.py", line
> 2050, in execute
> [Thu Oct 26 12:57:25.413141 2017] [:error] [pid 1316]     truncated =
> callback(self, ldap, entries, truncated, *args, **options)
> [Thu Oct 26 12:57:25.413144 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/idviews.py", line
> 1123, in post_callback
> [Thu Oct 26 12:57:25.413146 2017] [:error] [pid 1316]     ldap, entries,
> truncated, *args, **options)
> [Thu Oct 26 12:57:25.413148 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/idviews.py", line
> 829, in post_callback
> [Thu Oct 26 12:57:25.413151 2017] [:error] [pid 1316]
> self.obj.convert_anchor_to_human_readable_form(entry, **options)
> [Thu Oct 26 12:57:25.413153 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/idviews.py", line
> 733, in convert_anchor_to_human_readable_form
> [Thu Oct 26 12:57:25.413156 2017] [:error] [pid 1316]     anchor
> [Thu Oct 26 12:57:25.413158 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/plugins/idviews.py", line
> 632, in resolve_anchor_to_object_name
> [Thu Oct 26 12:57:25.413161 2017] [:error] [pid 1316]     name =
> domain_validator.get_trusted_domain_object_from_sid(sid)
> [Thu Oct 26 12:57:25.413163 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 503, in
> get_trusted_domain_object_from_sid
> [Thu Oct 26 12:57:25.413165 2017] [:error] [pid 1316]     attrs=attrs)
> [Thu Oct 26 12:57:25.413167 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 380, in
> get_trusted_domain_objects
> [Thu Oct 26 12:57:25.413170 2017] [:error] [pid 1316]     entries =
> self.search_in_dc(domain, filter, attrs, scope, basedn)
> [Thu Oct 26 12:57:25.413172 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 689, in
> search_in_dc
> [Thu Oct 26 12:57:25.413174 2017] [:error] [pid 1316]     info =
> self.__retrieve_trusted_domain_gc_list(domain)
> [Thu Oct 26 12:57:25.413176 2017] [:error] [pid 1316]   File
> "/usr/lib/python2.7/site-packages/ipaserver/dcerpc.py", line 763, in
> __retrieve_trusted_domain_gc_list
> [Thu Oct 26 12:57:25.413179 2017] [:error] [pid 1316]
> os.path.join(paths.USR_SHARE_IPA_DIR, "smb.conf.empty"))
> [Thu Oct 26 12:57:25.413181 2017] [:error] [pid 1316] RuntimeError: Unable
> to load file /usr/share/ipa/smb.conf.empty
>
>
> >
>> > [26/Oct/2017:12:31:23.454702287 +1100] - ERR - set_krb5_creds - Could
>> > not get initial credentials for principal
>> > [ldap/vmdr-linuxidm.unix.domain....@unix.domain.com
>> > <mailto:vmdr-linuxidm.unix.domain....@unix.domain.com>] in keytab
>> > [FILE:/etc/dirsrv/ds.keytab]: -1765328228 (Cannot contact any KDC for
>> > requested realm)
>> >
>> > I can get `kinit admin` working fine. But there's something wrong. I
>> > don't know where to look exactly.
>>
>> KRB5_TRACE=/dev/stdout kinit admin
>>
>> See what KDC kinit is using. It should be using the local box because
>> masters should point only to themselves.
>>
>
> Yes, that command makes reference to it's own ip, eg: "Sending TCP request
> to stream 10.126.18.129:88"
>
>
>> > /var/log/httpd/error has this
>> >
>> > RuntimeError: Unable to load file /usr/share/ipa/smb.conf.empty
>> >
>> > Which is interesting. There's no file /usr/share/ipa/smb.conf.empty but
>> > there is a /usr/share/ipa/smb.conf.template?
>>
>> Probably need more context.
>>
>
> I've only just realised this is the above error - when I go to ID
> View->Default Trust View in the WebUI, I get the above python stacktrace,
> but I also get
>
>
> [Fri Oct 27 10:03:43.466674 2017] [:warn] [pid 5686] [client
> 10.126.160.47:53715] failed to set perms (3140) on file
> (/var/run/ipa/ccaches/ad...@unix.domain.com)!, referer:
> https://vmdr-linuxidm.unix.domain.com/ipa/ui/
>
>



I looked at the notes I made from the out put created when I set the
replica up. It makes reference to
https://vmdr-linuxidm.unix.domain.com/ipa/session/json. When I go to that
page in a browser, I see:

{"result": null, "version": "4.5.0", "error": {"message": "Missing or
invalid HTTP Referer, missing", "code": 911, "data": {"referer":
"missing"}, "name": "RefererError"}, "id": null, "principal":
"ad...@unix.domain.com"}

cheers
L.


------
"The antidote to apocalypticism is *apocalyptic civics*. Apocalyptic civics
is the insistence that we cannot ignore the truth, nor should we panic
about it. It is a shared consciousness that our institutions have failed
and our ecosystem is collapsing, yet we are still here — and we are
creative agents who can shape our destinies. Apocalyptic civics is the
conviction that the only way out is through, and the only way through is
together. "

*Greg Bloom* @greggish
https://twitter.com/greggish/status/873177525903609857

>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to