HI Alexander, please find below error_log [Tue Mar 03 11:32:15.786252 2015] [suexec:notice] [pid 4754] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Mar 03 11:32:15.936866 2015] [auth_digest:notice] [pid 4754] AH01757: generating secret for digest authentication ... [Tue Mar 03 11:32:15.937438 2015] [lbmethod_heartbeat:notice] [pid 4754] AH02282: No slotmem from mod_heartmonitor [Tue Mar 03 11:32:15.942887 2015] [mpm_prefork:notice] [pid 4754] AH00163: Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 11:32:15.942907 2015] [core:notice] [pid 4754] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 11:32:18.292758 2015] [:error] [pid 4757] ipa: INFO: *** PROCESS START *** [Tue Mar 03 11:32:18.294084 2015] [:error] [pid 4756] ipa: INFO: *** PROCESS START *** [Tue Mar 03 11:33:30.826970 2015] [mpm_prefork:notice] [pid 4754] AH00170: caught SIGWINCH, shutting down gracefully [Tue Mar 03 11:33:31.977789 2015] [suexec:notice] [pid 5227] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Mar 03 11:33:32.135520 2015] [auth_digest:notice] [pid 5227] AH01757: generating secret for digest authentication ... [Tue Mar 03 11:33:32.136094 2015] [lbmethod_heartbeat:notice] [pid 5227] AH02282: No slotmem from mod_heartmonitor [Tue Mar 03 11:33:32.140750 2015] [mpm_prefork:notice] [pid 5227] AH00163: Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 11:33:32.140775 2015] [core:notice] [pid 5227] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 11:33:34.118337 2015] [:error] [pid 5229] ipa: INFO: *** PROCESS START *** [Tue Mar 03 11:33:34.216507 2015] [:error] [pid 5229] ipa: INFO: host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL: ping(version=u'2.51'): SUCCESS [Tue Mar 03 11:33:34.260966 2015] [:error] [pid 5229] ipa: INFO: host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL: env(None, server=True, version=u'2.0'): SUCCESS [Tue Mar 03 11:33:34.364965 2015] [:error] [pid 5230] ipa: INFO: *** PROCESS START *** [Tue Mar 03 11:33:34.533853 2015] [:error] [pid 5229] ipa: INFO: host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL: host_mod(u'kwtpocpbis01.solipa.local', ipasshpubkey=(u'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCva/juHXDSpThhcaVgntCgycTCI6sDWXHPAcr6KsRhPeiXQ4ndW4BtUIT6EPLR1AHO8vUsZ7/rY3Ug2KtGdYLoJYDfuJkvePTGJsMpFnwlk4yfd/GNBqeN4dRYBs6iFUGXc1VWyvCEcU4zvdAmySVz6cK37JS5EGj2uekpxt9lQ4S1/QxaGtzmTscjBPkyGc8UXVv/9fqlnQRwmA1HeqYkYImDlQ4IXN3sRs1kd3nYyrJjX/DC14KvXfVK7Wshcnrzg7K99kb4qvl2OQARMGUk17eG80cQMPgn4obALKMviQDgZI11NCZxdOWaATXCfKbOQoVotN/ZHRW5EwvouOh3', u'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMWd02Oy89LapjVTyJIAMs18M+7T4R1jyxw3S0TsLb/zgO581bXjiFllcncXxoH1hUrFgw9rnjl3jJEz/l7jsZQ='), updatedns=False, version=u'2.26'): SUCCESS [Tue Mar 03 11:59:31.106076 2015] [mpm_prefork:notice] [pid 5227] AH00170: caught SIGWINCH, shutting down gracefully [Tue Mar 03 11:59:32.257238 2015] [suexec:notice] [pid 5640] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Mar 03 11:59:32.422464 2015] [auth_digest:notice] [pid 5640] AH01757: generating secret for digest authentication ... [Tue Mar 03 11:59:32.423101 2015] [lbmethod_heartbeat:notice] [pid 5640] AH02282: No slotmem from mod_heartmonitor [Tue Mar 03 11:59:32.428874 2015] [mpm_prefork:notice] [pid 5640] AH00163: Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 11:59:32.428900 2015] [core:notice] [pid 5640] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 11:59:34.007708 2015] [:error] [pid 5642] ipa: INFO: *** PROCESS START *** [Tue Mar 03 11:59:34.011510 2015] [:error] [pid 5643] ipa: INFO: *** PROCESS START *** [Tue Mar 03 12:00:41.123161 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: dnszone_add(u'kwttestdc.com', idnssoamname=u' kwttestdc001.kwttestdc.com', idnssoarname=u'ben\\\\.george.alshaya.com.', idnssoaserial=1425373240, idnssoarefresh=3600, idnssoaretry=900, idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant SOLIPA.LOCAL krb5-self * A; grant SOLIPA.LOCAL krb5-self * AAAA; grant SOLIPA.LOCAL krb5-self * SSHFP;', idnsallowdynupdate=False, idnsallowquery=u'any;', idnsallowtransfer=u'none;', idnsforwarders=(u'172.16.104.231',), idnsforwardpolicy=u'only', force=True, ip_address=u'172.16.104.231', all=False, raw=False, version=u'2.65'): SUCCESS [Tue Mar 03 12:08:04.303874 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: trust_add(u'kwttestdc.com', trust_type=u'ad', realm_admin=u'adm-ben.george', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): SUCCESS [Tue Mar 03 12:08:33.999720 2015] [:error] [pid 5648] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:08:47.551853 2015] [:error] [pid 5646] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:09:34.575636 2015] [:error] [pid 5645] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:09:37.139651 2015] [:error] [pid 5648] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:09:38.097289 2015] [:error] [pid 5644] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:09:38.661205 2015] [:error] [pid 5646] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:10:14.552788 2015] [:error] [pid 5645] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:10:36.286938 2015] [:error] [pid 5648] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:11:51.977242 2015] [:error] [pid 5644] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:11:52.744281 2015] [:error] [pid 5646] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:11:53.469238 2015] [:error] [pid 5742] SSL Library Error: -12271 SSL client cannot verify your certificate [Tue Mar 03 12:12:47.169966 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:14:47.496828 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: trustdomain_find(u'kwttestdc.com', None, all=False, raw=False, version=u'2.65', pkey_only=False): SUCCESS [Tue Mar 03 12:17:42.475926 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:17:53.987719 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'S-1-5-21-3321666283-4099738591-2270060621', rights=False, all=False, raw=False, version=u'2.65'): NotFound [Tue Mar 03 12:18:00.631755 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:21:16.841559 2015] [:error] [pid 5648] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate [Tue Mar 03 12:21:23.288682 2015] [:error] [pid 5646] SSL Library Error: -12195 Peer does not recognize and trust the CA that issued your certificate [Tue Mar 03 12:21:34.492765 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: i18n_messages(): SUCCESS [Tue Mar 03 12:21:34.498549 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: config_show(): SUCCESS [Tue Mar 03 12:21:34.518631 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: user_find(None, whoami=True, all=True): SUCCESS [Tue Mar 03 12:21:34.519030 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: env(None): SUCCESS [Tue Mar 03 12:21:34.521096 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: dns_is_enabled(): SUCCESS [Tue Mar 03 12:21:34.523237 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: trustconfig_show(): SUCCESS [Tue Mar 03 12:21:34.523490 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch(({u'params': [[], {}], u'method': u'i18n_messages'}, {u'params': [[], {}], u'method': u'config_show'}, {u'params': [[], {u'all': True, u'whoami': True}], u'method': u'user_find'}, {u'params': [[], {}], u'method': u'env'}, {u'params': [[], {}], u'method': u'dns_is_enabled'}, {u'params': [[], {}], u'method': u'trustconfig_show'})): SUCCESS [Tue Mar 03 12:21:34.667686 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: json_metadata(None, None, object=u'all'): SUCCESS [Tue Mar 03 12:21:35.002795 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: json_metadata(None, None, command=u'all'): SUCCESS [Tue Mar 03 12:21:35.607923 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: user_find(u'', sizelimit=0, pkey_only=True): SUCCESS [Tue Mar 03 12:21:35.695390 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: user_show(u'admin', no_members=True): SUCCESS [Tue Mar 03 12:21:35.695725 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch(({u'params': [[u'admin'], {u'no_members': True}], u'method': u'user_show'},)): SUCCESS [Tue Mar 03 12:21:41.369089 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: role_find(u'', sizelimit=0, pkey_only=True): SUCCESS [Tue Mar 03 12:21:41.426571 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: role_show(u'IT Security Specialist', no_members=True): SUCCESS [Tue Mar 03 12:21:41.428475 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: role_show(u'IT Specialist', no_members=True): SUCCESS [Tue Mar 03 12:21:41.430391 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: role_show(u'Security Architect', no_members=True): SUCCESS [Tue Mar 03 12:21:41.432380 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: role_show(u'User Administrator', no_members=True): SUCCESS [Tue Mar 03 12:21:41.434401 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch: role_show(u'helpdesk', no_members=True): SUCCESS [Tue Mar 03 12:21:41.434791 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: batch(({u'params': [[u'IT Security Specialist'], {u'no_members': True}], u'method': u'role_show'}, {u'params': [[u'IT Specialist'], {u'no_members': True}], u'method': u'role_show'}, {u'params': [[u'Security Architect'], {u'no_members': True}], u'method': u'role_show'}, {u'params': [[u'User Administrator'], {u'no_members': True}], u'method': u'role_show'}, {u'params': [[u'helpdesk'], {u'no_members': True}], u'method': u'role_show'})): SUCCESS [Tue Mar 03 12:21:44.887796 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: trust_find(u'', sizelimit=0, pkey_only=True): SUCCESS [Tue Mar 03 12:21:46.551033 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: trust_show(u'kwttestdc.com', rights=True, all=True): SUCCESS [Tue Mar 03 12:21:50.277095 2015] [:error] [pid 5643] ipa: INFO: admin@SOLIPA.LOCAL: trustdomain_find(u'kwttestdc.com', u'', sizelimit=0): SUCCESS [Tue Mar 03 12:23:40.322942 2015] [:error] [pid 5642] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:24:33.747970 2015] [mpm_prefork:notice] [pid 5640] AH00170: caught SIGWINCH, shutting down gracefully [Tue Mar 03 12:24:34.897235 2015] [suexec:notice] [pid 5928] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Mar 03 12:24:35.054320 2015] [auth_digest:notice] [pid 5928] AH01757: generating secret for digest authentication ... [Tue Mar 03 12:24:35.054895 2015] [lbmethod_heartbeat:notice] [pid 5928] AH02282: No slotmem from mod_heartmonitor [Tue Mar 03 12:24:35.062223 2015] [mpm_prefork:notice] [pid 5928] AH00163: Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 12:24:35.062253 2015] [core:notice] [pid 5928] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 12:24:36.548124 2015] [:error] [pid 5930] ipa: INFO: *** PROCESS START *** [Tue Mar 03 12:24:36.705261 2015] [:error] [pid 5931] ipa: INFO: *** PROCESS START *** [Tue Mar 03 12:24:40.680284 2015] [:error] [pid 5930] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:27:09.118008 2015] [:error] [pid 5931] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:30:11.090164 2015] [:error] [pid 5930] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:31:41.802566 2015] [:error] [pid 5931] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 12:59:20.926434 2015] [:error] [pid 5930] ipa: INFO: admin@SOLIPA.LOCAL: group_add(u'ad_users_external', description=u' kwttestdc.com users external map', nonposix=False, external=True, all=False, raw=False, version=u'2.65', no_members=False): SUCCESS [Tue Mar 03 12:59:37.431092 2015] [:error] [pid 5931] ipa: INFO: admin@SOLIPA.LOCAL: group_add(u'ad_users', description=u'kwttestdc.com users', nonposix=False, external=False, all=False, raw=False, version=u'2.65', no_members=False): SUCCESS [Tue Mar 03 12:59:51.013947 2015] [:error] [pid 5930] ipa: WARNING: Search on AD DC KWTTESTDC001.kwttestdc.com:3268 failed with: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (KDC policy rejects request) [Tue Mar 03 12:59:51.016172 2015] [:error] [pid 5930] ipa: INFO: admin@SOLIPA.LOCAL: group_add_member(u'ad_users_external', ipaexternalmember=(u'KWTTESTDC\\\\Domain Users',), all=False, raw=False, version=u'2.65', no_members=False): SUCCESS [Tue Mar 03 13:02:26.166599 2015] [:error] [pid 5931] ipa: WARNING: Search on AD DC KWTTESTDC001.kwttestdc.com:3268 failed with: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (KDC policy rejects request) [Tue Mar 03 13:02:26.168967 2015] [:error] [pid 5931] ipa: INFO: admin@SOLIPA.LOCAL: group_add_member(u'ad_users_external', ipaexternalmember=(u'KWTTESTDC\\\\Domain Users',), all=False, raw=False, version=u'2.65', no_members=False): SUCCESS [Tue Mar 03 13:03:01.402913 2015] [mpm_prefork:notice] [pid 5928] AH00170: caught SIGWINCH, shutting down gracefully [Tue Mar 03 13:03:02.552272 2015] [suexec:notice] [pid 6259] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Tue Mar 03 13:03:02.717818 2015] [auth_digest:notice] [pid 6259] AH01757: generating secret for digest authentication ... [Tue Mar 03 13:03:02.718405 2015] [lbmethod_heartbeat:notice] [pid 6259] AH02282: No slotmem from mod_heartmonitor [Tue Mar 03 13:03:02.722947 2015] [mpm_prefork:notice] [pid 6259] AH00163: Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations [Tue Mar 03 13:03:02.722971 2015] [core:notice] [pid 6259] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Tue Mar 03 13:03:04.176015 2015] [:error] [pid 6261] ipa: INFO: *** PROCESS START *** [Tue Mar 03 13:03:04.372111 2015] [:error] [pid 6262] ipa: INFO: *** PROCESS START *** [Tue Mar 03 13:04:11.740356 2015] [:error] [pid 6261] ipa: INFO: admin@SOLIPA.LOCAL: trust_add(u'kwttestdc.com', trust_type=u'ad', realm_admin=u'adm-ben.george', realm_passwd=u'********', all=False, raw=False, version=u'2.65'): SUCCESS [Tue Mar 03 13:04:39.190084 2015] [:error] [pid 6262] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError [Tue Mar 03 13:05:02.725135 2015] [:error] [pid 6261] ipa: INFO: admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False, all=False, raw=False, version=u'2.65'): RemoteRetrieveError
the last 2 lines only getting updated while giving ipa trust-fetch-domains " kwttestdc.com" On Tue, Mar 3, 2015 at 1:37 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Tue, 03 Mar 2015, Ben .T.George wrote: > >> HI >> >> thanks for the replay. >> >> iwas going through the replays and find that you suggested to check >> firewall and DNS >> > What do you see in /var/log/httpd/error_log as result of dumping > netr_LogonControl2Ex structure? You never showed that. > > Like in https://www.redhat.com/archives/freeipa-users/2015- > February/msg00404.html > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project