Yes I can use ipa on cli
On 11-09-2014 20:17, Petr Vobornik wrote:
On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
thnx for comment.
I really dont care  sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl status
Directory Service: RUNNING
seems no problem ın that side.
Now I will resert my httpd error log and restart server.

[root@srv httpd]# more error_log
[Thu Sep 11 14:22:59 2014] [notice] caught SIGTERM, shutting down
[Thu Sep 11 14:24:18 2014] [notice] SELinux policy enabled; httpd running as
context system_u:system_r:httpd_t:s0
[Thu Sep 11 14:24:18 2014] [notice] suEXEC mechanism enabled (wrapper:
[Thu Sep 11 14:24:18 2014] [notice] Digest: generating secret for digest
authentication ...
[Thu Sep 11 14:24:18 2014] [notice] Digest: done
[Thu Sep 11 14:24:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4
mod_nss/2.2.15 NSS/3.15.1 Basic ECC mod_wsgi/3.2 Python/2.6.6 configure
d -- resuming normal operations
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***


[root@srv httpd]# service iptables status
iptables: Firewall is not running

Seems no problem here.

Which service not available?

The "Service not available" is a generic browser 503 error or is it displayed in FreeIPA Web UI (can you access Web UI, but it doesn't work).

Does CLI work on the server?

On 11-09-2014 14:18, Petr Vobornik wrote:
Hello Tevfik,

comments inline

On 11.9.2014 12:24, Tevfik Ceydeliler wrote:

Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those

# scp /etc/krb5.conf

I assume that you want to configure the machine without enrolling it as
FreeIPA client. If not, I would suggest you enrolling it as a client using ipa-client-install. Then you don't have to do anything else except browser

Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf

vim /etc/httpd/conf.d/ipa.conf

and change this:

KrbMethodK5Passwd off  --> to --> KrbMethodK5Passwd on

FreeIPA's Web UI support forms-based auth so this is not usually needed.

and restart httpd.

Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf

Now when I try to open Web UI I get An popup error:
"Service Unavailable"


    ipactl status
    systemctl status httpd.service

or inspect


to find out if web server is running - might not be the case because of
invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should be in the log

Have you any idea?


<img src="";> </img>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece 
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi 
ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi 
dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar 
ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail 
and any files transmitted with it are intended solely for the use of the 
individual or entity to whom they are addressed and Yasar Group Companies do 
not accept legal responsibility for the contents. If you are not the intended 
recipient, please immediately notify the sender and delete it from your system.
Manage your subscription for the Freeipa-users mailing list:
Go To for more info on the project

Reply via email to