----- Original Message -----
> From: "Rob Crittenden" <rcrit...@redhat.com>
> To: "Nathan Lager" <lag...@lafayette.edu>
> Cc: email@example.com
> Sent: Wednesday, September 19, 2012 4:35:30 PM
> Subject: Re: [Freeipa-users] sudden ipa errors.
> Nathan Lager wrote:
> > On 09/19/2012 03:47 PM, Rob Crittenden wrote:
> >> Dmitri Pal wrote:
> >>> Rob, keytab and kerberos part seems to be fine, ldap works too.
> >>> Can it be one of the certs? Maybe some cert expired?
> >> No, the error is coming from GSSAPI, it is unfortunately
> >> completely useless. I think we've pretty well narrowed down the
> >> problem to httpd/mod_auth_kerb but I don't know yet if this is a
> >> configuration issue or a bug.
> >> Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?
> > Sure, as far as I know it's completely stock, aside from the krb
> > password auth change.
> Yup, configuration looks fine.
> Ok, let's eliminate the ipa tool as the problem and try curl:
> Create a file test.json with these contents:
> then run this:
> curl -H "Content-Type:application/json" -H "Accept:application/json"
> -H "Accept-Language:en" -H "Referer:
> https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert
> /etc/ipa/ca.crt -d @test.json -X POST https://caroline0.lafayette.edu/ipa/json
Seems to be running into the same trouble.
[lagern@caroline0 PROD ~]$ curl -H "Content-Type:application/json" -H
"Accept:application/json" -H "Accept-Language:en" -H "Referer:
https://caroline0.lafayette.edu/ipa/xml" --negotiate -u : --cacert
/etc/ipa/ca.crt -d @test.json -X POST https://caroline0.lafayette.edu/ipa/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
<p>Please contact the server administrator,
root@localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<address>Apache/2.2.15 (Red Hat) Server at caroline0.lafayette.edu Port
> This does the equivalent of an: ipa user-show admin