Hello all, i suppose the issue is quite typical but still unable to find any solution.
All i need is to run some ipa cli commands from scripts with preliminary kinit I manage to authenticate as kinit -F -k -t <keytab> <principal> That allows me to use ldap for example, i can do ldapsearch -Y GSSAPI etc However, when trying to run cli commands, i'm getting the following sh-4.2# ipa user-find aaa ipa: ERROR: cannot connect to 'any of the configured servers': https://<idm0>/ipa/json, https://<idm1>/ipa/json This is caused by wsgi module, as it said in httpd error log [Mon Dec 04 06:45:45.027199 2017] [:error] [pid 1745] ipa: ERROR: 500 Internal Server Error: KerberosWSGIExecutioner.__call__: KRB5CCNAME not defined in HTTP request environment [Mon Dec 04 06:45:45.027769 2017] [:error] [pid 1745] [remote ...:60] mod_wsgi (pid=1745): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. At the same time when i do kinit <same principal> with manual password input, everything works as intended. IPA has been upgraded to latest 4.5.0, wsgi module after yum update is Name : mod_wsgi Arch : x86_64 Version : 3.4 Release : 12.el7_0 Size : 197 k I never configured anything manually, so barely broke anything. Please any ideas _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org