Re: [Freeipa-users] ipa group-add-member failed

Ben .T.George Tue, 03 Mar 2015 02:51:08 -0800

HI Alexander,
please find below error_log

[Tue Mar 03 11:32:15.786252 2015] [suexec:notice] [pid 4754] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 03 11:32:15.936866 2015] [auth_digest:notice] [pid 4754] AH01757:
generating secret for digest authentication ...
[Tue Mar 03 11:32:15.937438 2015] [lbmethod_heartbeat:notice] [pid 4754]
AH02282: No slotmem from mod_heartmonitor
[Tue Mar 03 11:32:15.942887 2015] [mpm_prefork:notice] [pid 4754] AH00163:
Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC
mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Mar 03 11:32:15.942907 2015] [core:notice] [pid 4754] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Mar 03 11:32:18.292758 2015] [:error] [pid 4757] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 11:32:18.294084 2015] [:error] [pid 4756] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 11:33:30.826970 2015] [mpm_prefork:notice] [pid 4754] AH00170:
caught SIGWINCH, shutting down gracefully
[Tue Mar 03 11:33:31.977789 2015] [suexec:notice] [pid 5227] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 03 11:33:32.135520 2015] [auth_digest:notice] [pid 5227] AH01757:
generating secret for digest authentication ...
[Tue Mar 03 11:33:32.136094 2015] [lbmethod_heartbeat:notice] [pid 5227]
AH02282: No slotmem from mod_heartmonitor
[Tue Mar 03 11:33:32.140750 2015] [mpm_prefork:notice] [pid 5227] AH00163:
Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC
mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Mar 03 11:33:32.140775 2015] [core:notice] [pid 5227] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Mar 03 11:33:34.118337 2015] [:error] [pid 5229] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 11:33:34.216507 2015] [:error] [pid 5229] ipa: INFO:
host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL: ping(version=u'2.51'): SUCCESS
[Tue Mar 03 11:33:34.260966 2015] [:error] [pid 5229] ipa: INFO:
host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL: env(None, server=True,
version=u'2.0'): SUCCESS
[Tue Mar 03 11:33:34.364965 2015] [:error] [pid 5230] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 11:33:34.533853 2015] [:error] [pid 5229] ipa: INFO:
host/kwtpocpbis01.solipa.local@SOLIPA.LOCAL:
host_mod(u'kwtpocpbis01.solipa.local', ipasshpubkey=(u'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCva/juHXDSpThhcaVgntCgycTCI6sDWXHPAcr6KsRhPeiXQ4ndW4BtUIT6EPLR1AHO8vUsZ7/rY3Ug2KtGdYLoJYDfuJkvePTGJsMpFnwlk4yfd/GNBqeN4dRYBs6iFUGXc1VWyvCEcU4zvdAmySVz6cK37JS5EGj2uekpxt9lQ4S1/QxaGtzmTscjBPkyGc8UXVv/9fqlnQRwmA1HeqYkYImDlQ4IXN3sRs1kd3nYyrJjX/DC14KvXfVK7Wshcnrzg7K99kb4qvl2OQARMGUk17eG80cQMPgn4obALKMviQDgZI11NCZxdOWaATXCfKbOQoVotN/ZHRW5EwvouOh3',
u'ecdsa-sha2-nistp256
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMWd02Oy89LapjVTyJIAMs18M+7T4R1jyxw3S0TsLb/zgO581bXjiFllcncXxoH1hUrFgw9rnjl3jJEz/l7jsZQ='),
updatedns=False, version=u'2.26'): SUCCESS
[Tue Mar 03 11:59:31.106076 2015] [mpm_prefork:notice] [pid 5227] AH00170:
caught SIGWINCH, shutting down gracefully
[Tue Mar 03 11:59:32.257238 2015] [suexec:notice] [pid 5640] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 03 11:59:32.422464 2015] [auth_digest:notice] [pid 5640] AH01757:
generating secret for digest authentication ...
[Tue Mar 03 11:59:32.423101 2015] [lbmethod_heartbeat:notice] [pid 5640]
AH02282: No slotmem from mod_heartmonitor
[Tue Mar 03 11:59:32.428874 2015] [mpm_prefork:notice] [pid 5640] AH00163:
Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC
mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Mar 03 11:59:32.428900 2015] [core:notice] [pid 5640] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Mar 03 11:59:34.007708 2015] [:error] [pid 5642] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 11:59:34.011510 2015] [:error] [pid 5643] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 12:00:41.123161 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: dnszone_add(u'kwttestdc.com', idnssoamname=u'
kwttestdc001.kwttestdc.com', idnssoarname=u'ben\\\\.george.alshaya.com.',
idnssoaserial=1425373240, idnssoarefresh=3600, idnssoaretry=900,
idnssoaexpire=1209600, idnssoaminimum=3600, idnsupdatepolicy=u'grant
SOLIPA.LOCAL krb5-self * A; grant SOLIPA.LOCAL krb5-self * AAAA; grant
SOLIPA.LOCAL krb5-self * SSHFP;', idnsallowdynupdate=False,
idnsallowquery=u'any;', idnsallowtransfer=u'none;',
idnsforwarders=(u'172.16.104.231',), idnsforwardpolicy=u'only', force=True,
ip_address=u'172.16.104.231', all=False, raw=False, version=u'2.65'):
SUCCESS
[Tue Mar 03 12:08:04.303874 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: trust_add(u'kwttestdc.com', trust_type=u'ad',
realm_admin=u'adm-ben.george', realm_passwd=u'********', all=False,
raw=False, version=u'2.65'): SUCCESS
[Tue Mar 03 12:08:33.999720 2015] [:error] [pid 5648] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:08:47.551853 2015] [:error] [pid 5646] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:09:34.575636 2015] [:error] [pid 5645] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:09:37.139651 2015] [:error] [pid 5648] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:09:38.097289 2015] [:error] [pid 5644] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:09:38.661205 2015] [:error] [pid 5646] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:10:14.552788 2015] [:error] [pid 5645] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:10:36.286938 2015] [:error] [pid 5648] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:11:51.977242 2015] [:error] [pid 5644] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:11:52.744281 2015] [:error] [pid 5646] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:11:53.469238 2015] [:error] [pid 5742] SSL Library Error:
-12271 SSL client cannot verify your certificate
[Tue Mar 03 12:12:47.169966 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:14:47.496828 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: trustdomain_find(u'kwttestdc.com', None, all=False,
raw=False, version=u'2.65', pkey_only=False): SUCCESS
[Tue Mar 03 12:17:42.475926 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:17:53.987719 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL:
trust_fetch_domains(u'S-1-5-21-3321666283-4099738591-2270060621',
rights=False, all=False, raw=False, version=u'2.65'): NotFound
[Tue Mar 03 12:18:00.631755 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:21:16.841559 2015] [:error] [pid 5648] SSL Library Error:
-12195 Peer does not recognize and trust the CA that issued your certificate
[Tue Mar 03 12:21:23.288682 2015] [:error] [pid 5646] SSL Library Error:
-12195 Peer does not recognize and trust the CA that issued your certificate
[Tue Mar 03 12:21:34.492765 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: i18n_messages(): SUCCESS
[Tue Mar 03 12:21:34.498549 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: config_show(): SUCCESS
[Tue Mar 03 12:21:34.518631 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: user_find(None, whoami=True, all=True): SUCCESS
[Tue Mar 03 12:21:34.519030 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: env(None): SUCCESS
[Tue Mar 03 12:21:34.521096 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: dns_is_enabled(): SUCCESS
[Tue Mar 03 12:21:34.523237 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: trustconfig_show(): SUCCESS
[Tue Mar 03 12:21:34.523490 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch(({u'params': [[], {}], u'method':
u'i18n_messages'}, {u'params': [[], {}], u'method': u'config_show'},
{u'params': [[], {u'all': True, u'whoami': True}], u'method':
u'user_find'}, {u'params': [[], {}], u'method': u'env'}, {u'params': [[],
{}], u'method': u'dns_is_enabled'}, {u'params': [[], {}], u'method':
u'trustconfig_show'})): SUCCESS
[Tue Mar 03 12:21:34.667686 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: json_metadata(None, None, object=u'all'): SUCCESS
[Tue Mar 03 12:21:35.002795 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: json_metadata(None, None, command=u'all'): SUCCESS
[Tue Mar 03 12:21:35.607923 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: user_find(u'', sizelimit=0, pkey_only=True): SUCCESS
[Tue Mar 03 12:21:35.695390 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: user_show(u'admin', no_members=True): SUCCESS
[Tue Mar 03 12:21:35.695725 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch(({u'params': [[u'admin'], {u'no_members': True}],
u'method': u'user_show'},)): SUCCESS
[Tue Mar 03 12:21:41.369089 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: role_find(u'', sizelimit=0, pkey_only=True): SUCCESS
[Tue Mar 03 12:21:41.426571 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: role_show(u'IT Security Specialist',
no_members=True): SUCCESS
[Tue Mar 03 12:21:41.428475 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: role_show(u'IT Specialist', no_members=True):
SUCCESS
[Tue Mar 03 12:21:41.430391 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: role_show(u'Security Architect',
no_members=True): SUCCESS
[Tue Mar 03 12:21:41.432380 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: role_show(u'User Administrator',
no_members=True): SUCCESS
[Tue Mar 03 12:21:41.434401 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch: role_show(u'helpdesk', no_members=True): SUCCESS
[Tue Mar 03 12:21:41.434791 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: batch(({u'params': [[u'IT Security Specialist'],
{u'no_members': True}], u'method': u'role_show'}, {u'params': [[u'IT
Specialist'], {u'no_members': True}], u'method': u'role_show'}, {u'params':
[[u'Security Architect'], {u'no_members': True}], u'method': u'role_show'},
{u'params': [[u'User Administrator'], {u'no_members': True}], u'method':
u'role_show'}, {u'params': [[u'helpdesk'], {u'no_members': True}],
u'method': u'role_show'})): SUCCESS
[Tue Mar 03 12:21:44.887796 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: trust_find(u'', sizelimit=0, pkey_only=True): SUCCESS
[Tue Mar 03 12:21:46.551033 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: trust_show(u'kwttestdc.com', rights=True, all=True):
SUCCESS
[Tue Mar 03 12:21:50.277095 2015] [:error] [pid 5643] ipa: INFO:
admin@SOLIPA.LOCAL: trustdomain_find(u'kwttestdc.com', u'', sizelimit=0):
SUCCESS
[Tue Mar 03 12:23:40.322942 2015] [:error] [pid 5642] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:24:33.747970 2015] [mpm_prefork:notice] [pid 5640] AH00170:
caught SIGWINCH, shutting down gracefully
[Tue Mar 03 12:24:34.897235 2015] [suexec:notice] [pid 5928] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 03 12:24:35.054320 2015] [auth_digest:notice] [pid 5928] AH01757:
generating secret for digest authentication ...
[Tue Mar 03 12:24:35.054895 2015] [lbmethod_heartbeat:notice] [pid 5928]
AH02282: No slotmem from mod_heartmonitor
[Tue Mar 03 12:24:35.062223 2015] [mpm_prefork:notice] [pid 5928] AH00163:
Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC
mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Mar 03 12:24:35.062253 2015] [core:notice] [pid 5928] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Mar 03 12:24:36.548124 2015] [:error] [pid 5930] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 12:24:36.705261 2015] [:error] [pid 5931] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 12:24:40.680284 2015] [:error] [pid 5930] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:27:09.118008 2015] [:error] [pid 5931] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:30:11.090164 2015] [:error] [pid 5930] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:31:41.802566 2015] [:error] [pid 5931] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 12:59:20.926434 2015] [:error] [pid 5930] ipa: INFO:
admin@SOLIPA.LOCAL: group_add(u'ad_users_external', description=u'
kwttestdc.com users external map', nonposix=False, external=True,
all=False, raw=False, version=u'2.65', no_members=False): SUCCESS
[Tue Mar 03 12:59:37.431092 2015] [:error] [pid 5931] ipa: INFO:
admin@SOLIPA.LOCAL: group_add(u'ad_users', description=u'kwttestdc.com
users', nonposix=False, external=False, all=False, raw=False,
version=u'2.65', no_members=False): SUCCESS
[Tue Mar 03 12:59:51.013947 2015] [:error] [pid 5930] ipa: WARNING: Search
on AD DC KWTTESTDC001.kwttestdc.com:3268 failed with: Insufficient access:
SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor
code may provide more information (KDC policy rejects request)
[Tue Mar 03 12:59:51.016172 2015] [:error] [pid 5930] ipa: INFO:
admin@SOLIPA.LOCAL: group_add_member(u'ad_users_external',
ipaexternalmember=(u'KWTTESTDC\\\\Domain Users',), all=False, raw=False,
version=u'2.65', no_members=False): SUCCESS
[Tue Mar 03 13:02:26.166599 2015] [:error] [pid 5931] ipa: WARNING: Search
on AD DC KWTTESTDC001.kwttestdc.com:3268 failed with: Insufficient access:
SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor
code may provide more information (KDC policy rejects request)
[Tue Mar 03 13:02:26.168967 2015] [:error] [pid 5931] ipa: INFO:
admin@SOLIPA.LOCAL: group_add_member(u'ad_users_external',
ipaexternalmember=(u'KWTTESTDC\\\\Domain Users',), all=False, raw=False,
version=u'2.65', no_members=False): SUCCESS
[Tue Mar 03 13:03:01.402913 2015] [mpm_prefork:notice] [pid 5928] AH00170:
caught SIGWINCH, shutting down gracefully
[Tue Mar 03 13:03:02.552272 2015] [suexec:notice] [pid 6259] AH01232:
suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 03 13:03:02.717818 2015] [auth_digest:notice] [pid 6259] AH01757:
generating secret for digest authentication ...
[Tue Mar 03 13:03:02.718405 2015] [lbmethod_heartbeat:notice] [pid 6259]
AH02282: No slotmem from mod_heartmonitor
[Tue Mar 03 13:03:02.722947 2015] [mpm_prefork:notice] [pid 6259] AH00163:
Apache/2.4.6 (CentOS) mod_auth_kerb/5.4 mod_nss/2.4.6 NSS/3.15.4 Basic ECC
mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Tue Mar 03 13:03:02.722971 2015] [core:notice] [pid 6259] AH00094: Command
line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Mar 03 13:03:04.176015 2015] [:error] [pid 6261] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 13:03:04.372111 2015] [:error] [pid 6262] ipa: INFO: ***
PROCESS START ***
[Tue Mar 03 13:04:11.740356 2015] [:error] [pid 6261] ipa: INFO:
admin@SOLIPA.LOCAL: trust_add(u'kwttestdc.com', trust_type=u'ad',
realm_admin=u'adm-ben.george', realm_passwd=u'********', all=False,
raw=False, version=u'2.65'): SUCCESS
[Tue Mar 03 13:04:39.190084 2015] [:error] [pid 6262] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError
[Tue Mar 03 13:05:02.725135 2015] [:error] [pid 6261] ipa: INFO:
admin@SOLIPA.LOCAL: trust_fetch_domains(u'kwttestdc.com', rights=False,
all=False, raw=False, version=u'2.65'): RemoteRetrieveError



the last 2 lines only getting updated while giving ipa trust-fetch-domains "
kwttestdc.com"

On Tue, Mar 3, 2015 at 1:37 PM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On Tue, 03 Mar 2015, Ben .T.George wrote:
>
>> HI
>>
>> thanks for the replay.
>>
>> iwas going through the replays and find that you suggested to check
>> firewall and DNS
>>
> What do you see in /var/log/httpd/error_log as result of dumping
> netr_LogonControl2Ex structure? You never showed that.
>
> Like in https://www.redhat.com/archives/freeipa-users/2015-
> February/msg00404.html
>
> --
> / Alexander Bokovoy
>

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] ipa group-add-member failed

Reply via email to