Lager, Nathan T. wrote:
----- Original Message -----
From: "Rob Crittenden" <rcrit...@redhat.com>
To: "Nathan Lager" <lag...@lafayette.edu>
Sent: Wednesday, September 19, 2012 4:35:30 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Nathan Lager wrote:
On 09/19/2012 03:47 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
Rob, keytab and kerberos part seems to be fine, ldap works too.
Can it be one of the certs? Maybe some cert expired?
No, the error is coming from GSSAPI, it is unfortunately
completely useless. I think we've pretty well narrowed down the
problem to httpd/mod_auth_kerb but I don't know yet if this is a
configuration issue or a bug.
Nathan, can you show me your /etc/httpd/conf.d/ipa.conf?
Sure, as far as I know it's completely stock, aside from the krb
password auth change.
Yup, configuration looks fine.
Ok, let's eliminate the ipa tool as the problem and try curl:
Create a file test.json with these contents:
then run this:
curl -H "Content-Type:application/json" -H "Accept:application/json" \
  -H "Accept-Language:en" \
  -H "Referer: https://caroline0.lafayette.edu/ipa/xml" \
  --negotiate -u : --cacert /etc/ipa/ca.crt -d @test.json -X POST \
  https://caroline0.lafayette.edu/ipa/json
Seems to be running into the same trouble.
[lagern@caroline0 PROD ~]$ curl -H "Content-Type:application/json" -H "Accept:application/json" -H
"Accept-Language:en" -H "Referer: https://caroline0.lafayette.edu/ipa/xml" --negotiate -u :
--cacert /etc/ipa/ca.crt -d @test.json -X POST https://caroline0.lafayette.edu/ipa/json
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>500 Internal Server Error</title>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
<p>Please contact the server administrator,
root@localhost and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
<p>More information about this error may be available
in the server error log.</p>
<address>Apache/2.2.15 (Red Hat) Server at caroline0.lafayette.edu Port
Ok, need to gather some more info:
# kvno HTTP/caroline0.lafayette.edu
# klist -kt /etc/httpd/conf/ipa.keytab
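
One check the two outputs requested above make possible is a key version number (KVNO) comparison between what the KDC issues for the HTTP service principal and what the keytab holds. The thread does not say this is the cause; the script below is an added example, not part of the original messages, and its sample outputs, principal and realm (EXAMPLE.TEST) are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the KVNO reported by `kvno <principal>` with the
# KVNOs listed by `klist -kt <keytab>` for the same principal.
# All sample text is constructed; names and realm are placeholders.

# Constructed sample of `kvno HTTP/host.example.test` output.
SAMPLE_KVNO='HTTP/host.example.test@EXAMPLE.TEST: kvno = 4'

# Constructed sample of `klist -kt /path/to/keytab` output.
SAMPLE_KLIST='Keytab name: FILE:/tmp/sample.keytab
KVNO Timestamp         Principal
---- ----------------- ------------------------------------------
   3 09/01/12 10:00:00 HTTP/host.example.test@EXAMPLE.TEST
   3 09/01/12 10:00:00 HTTP/host.example.test@EXAMPLE.TEST
   2 09/01/12 10:00:00 host/host.example.test@EXAMPLE.TEST'

# kdc_kvno TEXT: print the number that follows "kvno = ".
kdc_kvno() {
    printf '%s\n' "$1" | sed -n 's/^.*: kvno = \([0-9][0-9]*\)$/\1/p' | head -n 1
}

# keytab_kvnos TEXT PRINCIPAL: print the unique KVNOs stored for PRINCIPAL.
# Header and separator lines are skipped because field 1 is not numeric.
keytab_kvnos() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 ~ /^[0-9]+$/ && $NF == p { print $1 }' | sort -nu
}

# check_kvno KVNO_TEXT KLIST_TEXT: print a verdict; return 0 only on a match.
check_kvno() {
    princ=${1%%: kvno*}                       # principal named in kvno output
    want=$(kdc_kvno "$1")                     # version the KDC issues tickets for
    have=$(keytab_kvnos "$2" "$princ" | tr '\n' ' ')
    have=${have% }                            # drop trailing space
    if [ -z "$want" ]; then echo "UNPARSED"; return 2; fi
    if [ -z "$have" ]; then echo "MISSING $princ"; return 1; fi
    case " $have " in
        *" $want "*) echo "OK kvno=$want"; return 0 ;;
        *) echo "MISMATCH kdc=$want keytab=$have"; return 1 ;;
    esac
}

# Run against the constructed samples: the keytab holds only version 3.
check_kvno "$SAMPLE_KVNO" "$SAMPLE_KLIST" || true
```

On a real host the two arguments would be the captured output of the `kvno` and `klist -kt` commands above; the parser expects `klist -kt` without `-e`, since the encryption type column would change the last field.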