Disregard this part >>>Also, I don't see a server.conf file at /etc/ipa so that I may enable >>>debugging. What can you suggest for this issue? The file is /etc/ipa/default.conf. I should have looked before replying. I have uploaded the httpd error_log to pastebin for review.
https://pastebin.com/RpK5EZQr ________________________________ From: Jeremy Tourville <[email protected]> Sent: Tuesday, September 7, 2021 11:09 AM To: FreeIPA users list <[email protected]> Cc: Florence Renaud <[email protected]> Subject: Re: [Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates) I think I see the issue but I am unsure what to do to fix it. See below. To answer your question, yes I did accept the security exception. Also, I don't see a server.conf file at /etc/ipa so that I may enable debugging. What can you suggest for this issue? [root@utility ~]# ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: RUNNING smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-ods-exporter Service: STOPPED ods-enforcerd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful [root@utility ~]# kinit admin Password for [email protected]: [root@utility ~]# klist Ticket cache: KCM:0:43616 Default principal: [email protected] Valid starting Expires Service principal 09/07/2021 10:59:23 09/08/2021 10:09:04 krbtgt/[email protected] [root@utility ~]# ipa config-show ipa: ERROR: cannot connect to 'https://utility.idm.nac-issa.org/ipa/json': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897) ________________________________ From: Florence Renaud <[email protected]> Sent: Tuesday, September 7, 2021 10:47 AM To: FreeIPA users list <[email protected]> Cc: Jeremy Tourville <[email protected]> Subject: Re: [Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates) Hi Jeremy, Did you accept the security exception displayed by the browser (I'm trying to eliminate obvious issues)? If nothing is displayed, can you check if ipa command-line is working as expected (for instance do "kinit admin; ipa config-show")? You may want to enable debug logs (add debug=True to the [global] section of /etc/ipa/server.conf and restart httpd service), retry WebUI authentication and check the generated logs in /var/log/http/error_log flo On Tue, Sep 7, 2021 at 2:01 PM Jeremy Tourville via FreeIPA-users <[email protected]<mailto:[email protected]>> wrote: OK, Why don't I see anything on the initial login page? All I see is the URL and the fact that the certificate is not trusted. The certificate is not expired yet. Not until Nov 2021. The login in page is mostly solid white with no login or password field. _______________________________________________ FreeIPA-users mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
