On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
hi,
thnx for comment.
I really dont care  sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
seems no problem ın that side.
Now I will resert my httpd error log and restart server.

[root@srv httpd]# more error_log
[Thu Sep 11 14:22:59 2014] [notice] caught SIGTERM, shutting down
[Thu Sep 11 14:24:18 2014] [notice] SELinux policy enabled; httpd running as
context system_u:system_r:httpd_t:s0
[Thu Sep 11 14:24:18 2014] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Thu Sep 11 14:24:18 2014] [notice] Digest: generating secret for digest
authentication ...
[Thu Sep 11 14:24:18 2014] [notice] Digest: done
[Thu Sep 11 14:24:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4
mod_nss/2.2.15 NSS/3.15.1 Basic ECC mod_wsgi/3.2 Python/2.6.6 configure
d -- resuming normal operations
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***

And

[root@srv httpd]# service iptables status
iptables: Firewall is not running

Seems no problem here.

Which service not available?

The "Service not available" is a generic browser 503 error or is it displayed in FreeIPA Web UI (can you access Web UI, but it doesn't work).

Does CLI work on the server?


On 11-09-2014 14:18, Petr Vobornik wrote:
Hello Tevfik,

comments inline

On 11.9.2014 12:24, Tevfik Ceydeliler wrote:

Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those
command:

# scp /etc/krb5.conf r...@externalmachine.example.com:/etc/krb5_ipa.conf
and

I assume that you want to configure the machine without enrolling it as
FreeIPA client. If not, I would suggest you enrolling it as a client using
ipa-client-install. Then you don't have to do anything else except browser
config.

Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf


vim /etc/httpd/conf.d/ipa.conf

and change this:

KrbMethodK5Passwd off  --> to --> KrbMethodK5Passwd on

FreeIPA's Web UI support forms-based auth so this is not usually needed.


and restart httpd.

Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf

Now when I try to open Web UI I get An popup error:
"Service Unavailable"

run:

    ipactl status
or
    systemctl status httpd.service

or inspect

   /var/log/httpd/error_log

to find out if web server is running - might not be the case because of
invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should be in the 
log


Have you any idea?

--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to