Hi Jeremy, to enable debugging you can simply create /etc/ipa/server.conf if the file does not exist: # cat /etc/ipa/server.conf [global] debug=True # systemctl restart httpd
The HTTPd certificate is stored in /var/lib/ipa/certs/httpd.crt, you can examine its content with # openssl x509 -noout -text -in /var/lib/ipa/certs/httpd.crt If the IPA deployment includes an embedded CA, the CA that issued the httpd cert is stored in /etc/ipa/ca.crt and can also be checked with openssl command. flo On Tue, Sep 7, 2021 at 6:09 PM Jeremy Tourville < jeremy_tourvi...@hotmail.com> wrote: > I think I see the issue but I am unsure what to do to fix it. See below. > > To answer your question, yes I did accept the security exception. > > Also, I don't see a server.conf file at /etc/ipa so that I may enable > debugging. What can you suggest for this issue? > > > [root@utility ~]# ipactl status > Directory Service: RUNNING > krb5kdc Service: RUNNING > kadmin Service: RUNNING > named Service: RUNNING > httpd Service: RUNNING > ipa-custodia Service: RUNNING > pki-tomcatd Service: RUNNING > smb Service: RUNNING > winbind Service: RUNNING > ipa-otpd Service: RUNNING > ipa-ods-exporter Service: STOPPED > ods-enforcerd Service: RUNNING > ipa-dnskeysyncd Service: RUNNING > ipa: INFO: The ipactl command was successful > > [root@utility ~]# kinit admin > Password for ad...@idm.nac-issa.org: > > [root@utility ~]# klist > Ticket cache: KCM:0:43616 > Default principal: ad...@idm.nac-issa.org > > Valid starting Expires Service principal > 09/07/2021 10:59:23 09/08/2021 10:09:04 krbtgt/ > idm.nac-issa....@idm.nac-issa.org > > [root@utility ~]# ipa config-show > ipa: ERROR: cannot connect to 'https://utility.idm.nac-issa.org/ipa/json': > [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897) > > > ------------------------------ > *From:* Florence Renaud <f...@redhat.com> > *Sent:* Tuesday, September 7, 2021 10:47 AM > *To:* FreeIPA users list <freeipa-users@lists.fedorahosted.org> > *Cc:* Jeremy Tourville <jeremy_tourvi...@hotmail.com> > *Subject:* Re: [Freeipa-users] Re: Why is ipa-ods-exporter broken after > running ipa-dns-install? (Was - Unable to start directory server after > updates) > > Hi Jeremy, > Did you accept the security exception displayed by the browser (I'm > trying to eliminate obvious issues)? > If nothing is displayed, can you check if ipa command-line is working as > expected (for instance do "kinit admin; ipa config-show")? > You may want to enable debug logs (add debug=True to the [global] section > of /etc/ipa/server.conf and restart httpd service), retry WebUI > authentication and check the generated logs in /var/log/http/error_log > > flo > > On Tue, Sep 7, 2021 at 2:01 PM Jeremy Tourville via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > > OK, > Why don't I see anything on the initial login page? > All I see is the URL and the fact that the certificate is not trusted. > The certificate is not expired yet. Not until Nov 2021. > The login in page is mostly solid white with no login or password field. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure