Hello Les, Did you manage to resolve the issue? I just got to it after the Christmas break. Reading few resources online, this error seems to come of a misconfigured httpd when for example mod_authz_groupfile.so or mod_authz_user.so Apache modules are not loaded (I have them loaded in /etc/httpd/conf.modules.d/00-base.conf).
Did you modify httpd configuration before you run ipa-replica-install in any way? Martin On 12/16/2013 01:44 PM, Les Stott wrote: > Petr, > > The below was the error from apache error logs.... > >> Apache logs the following error at the same time... >> >> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: >> couldn't check access. No groups file?: /ipa/xml, referer: >> https://replica.mydomain.com/ipa/xml > > Other lines in the /var/log/httpd/error log at the same time... > > [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START *** > [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START *** > [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: > couldn't check access. No groups file?: /ipa/xml, referer: > https://replica.mydomain.com/ipa/xml > [Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down > [Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as > context unconfined_u:system_r:httpd_t:s0 > > Regards, > > Les > > ________________________________________ > From: Petr Spacek [pspa...@redhat.com] > Sent: Monday, December 16, 2013 10:38 PM > To: Les Stott; freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Trouble with replica install > > On 16.12.2013 10:55, Les Stott wrote: >> Sorry, when I said "selinux is in permissive mode, but it's the same as on >> the master server, so it should be the issue." It should have read as >> "selinux is in permissive mode, but it's the same as on the master server, >> so it should NOT be the issue." >> >> Les >> >> From: freeipa-users-boun...@redhat.com >> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott >> Sent: Monday, 16 December 2013 8:47 PM >> To: freeipa-users@redhat.com >> Subject: [Freeipa-users] Trouble with replica install >> >> Hi, >> >> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6. >> Already setup master server, now trying to install replica (which I've done >> before and its worked fine). >> >> The replica install gets all the way to the end but errors out. For the most >> part, it looks like it is complete, but I want to be sure there are no >> lingering issues. >> >> The error I see in the log is...(domain and ip's changed) >> >> ------------------------ >> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com >> Realm: MYDOMAIN.COM >> DNS Domain: mydomain.com >> IPA Server: replica.mydomain.com >> BaseDN: dc=mydomain,dc=com >> Domain mydomain.com is already configured in existing SSSD config, creating >> a new one. >> The old /etc/sssd/sssd.conf is backed up and will be restored during >> uninstall. >> Configured /etc/sssd/sssd.conf >> trying https://replica.mydomain.com/ipa/xml >> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml' >> Traceback (most recent call last): >> File "/usr/sbin/ipa-client-install", line 2377, in <module> >> sys.exit(main()) >> File "/usr/sbin/ipa-client-install", line 2363, in main >> rval = install(options, env, fstore, statestore) >> File "/usr/sbin/ipa-client-install", line 2167, in install >> remote_env = api.Command['env'](server=True)['result'] >> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in >> __call__ >> ret = self.run(*args, **options) >> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in >> run >> return self.forward(*args, **options) >> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in >> forward >> return self.Backend.xmlclient.forward(self.name, *args, **kw) >> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in >> forward >> raise NetworkError(uri=server, error=e.errmsg) > >> ipalib.errors.NetworkError: cannot connect to >> u'https://replica.mydomain.com/ipa/xml': Internal Server Error > > Please look into /var/log/httpd/errors.log on server replica.mydomain.com and > check error messages there. > > Petr^2 Spacek > >> >> 2013-12-16T09:26:50Z INFO File >> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line >> 614, in run_script >> return_value = main_function() >> >> File "/usr/sbin/ipa-replica-install", line 527, in main >> raise RuntimeError("Failed to configure the client") >> >> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: >> RuntimeError: Failed to configure the client >> ------------------- >> >> Apache logs the following error at the same time... >> >> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: >> couldn't check access. No groups file?: /ipa/xml, referer: >> https://replica.mydomain.com/ipa/xml >> >> I can login to the gui and it seems ok, but I'm rolling this into production >> so I've got to get it right. >> >> I'm hoping this is just some bug because its an older freeipa on redhat >> (minimal install) etc. selinux is in permissive mode, but it's the same as >> on the master server, so it should be the issue. >> >> Is this error critical? How can I fix it? >> >> Thanks in advance, >> >> Les > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
