Hello, I would apreciate some help to solve my issue on freeipa configuration. I've got two host in my configuration h1, and a replica h2. On host h2, everithing is working well.
On host h1, at the start, everything was working well, but since a few day, I start received error when I login from Web UI interface. I I do a curl on the login_password uri, I've got a 500 error: curl -Lksi --data 'user=admin&password=mypass' https://h1.clae.net/ipa/ session/login_password HTTP/1.1 500 Internal Server Error Date: Wed, 28 Dec 2016 14:41:33 GMT Server: Apache/2.4.25 (Fedora) X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' Content-Length: 610 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.</p> <p>More information about this error may be available in the server error log.</p> The same request on h2 return sucess curl -Lksi --data 'user=admin&password=mypass' https://h2.clae.net/ipa/ session/login_password HTTP/1.1 200 Success Date: Wed, 28 Dec 2016 14:43:13 GMT Server: Apache/2.4.25 (Fedora) X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' Set-Cookie: ipa_session=bdb87cfe758fd050dd69f6c0ca9988a3; Domain= kerclaei.clae.net; Path=/ipa; Expires=Wed, 28 Dec 2016 15:03:13 GMT; Secure; HttpOnly Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: text/plain; charset=UTF-8 Looking at the apache log, I can see the following error on h1: [Wed Dec 28 15:03:38.776075 2016] [wsgi:error] [pid 12804] ipa: DEBUG: WSGI wsgi_dispatch.__call__: [Wed Dec 28 15:03:38.776168 2016] [wsgi:error] [pid 12804] ipa: DEBUG: WSGI login_password.__call__: [Wed Dec 28 15:03:38.776348 2016] [wsgi:error] [pid 12804] ipa: DEBUG: Obtaining armor ccache: principal=HTTP/h1.clae....@clae.net keytab=/etc/httpd/conf/ipa.keytab ccache=/var/run/ipa_memcached/krbcc_A_admin [Wed Dec 28 15:03:38.776414 2016] [wsgi:error] [pid 12804] ipa: DEBUG: Initializing principal HTTP/h1.clae....@clae.net using keytab /etc/httpd/conf/ipa.keytab [Wed Dec 28 15:03:38.776470 2016] [wsgi:error] [pid 12804] ipa: DEBUG: using ccache /var/run/ipa_memcached/krbcc_A_admin [Wed Dec 28 15:03:39.395270 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] mod_wsgi (pid=12804): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'. [Wed Dec 28 15:03:39.395330 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] Traceback (most recent call last): [Wed Dec 28 15:03:39.395358 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] File "/usr/share/ipa/wsgi.py", line 63, in application [Wed Dec 28 15:03:39.395397 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] return api.Backend.wsgi_dispatch(environ, start_response) [Wed Dec 28 15:03:39.395412 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in __call__ [Wed Dec 28 15:03:39.395440 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] return self.route(environ, start_response) [Wed Dec 28 15:03:39.395453 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in route [Wed Dec 28 15:03:39.395477 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] return app(environ, start_response) [Wed Dec 28 15:03:39.395491 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 978, in __call__ [Wed Dec 28 15:03:39.395514 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] self.kinit(user, self.api.env.realm, password, ipa_ccache_name) [Wed Dec 28 15:03:39.395527 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 1010, in kinit [Wed Dec 28 15:03:39.395564 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] raise CCacheError(message=unicode(e)) [Wed Dec 28 15:03:39.395589 2016] [wsgi:error] [pid 12804] [remote 192.168.254.1:61185] CCacheError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529638936): Preauthentication failed I've also notice that running ipa command on h1, the command are running ok, but with strange message about password_callback ipa user-show admin exception in PK11 password callback TypeError: password_callback() takes exactly 4 arguments (3 given) exception in PK11 password callback TypeError: password_callback() takes exactly 4 arguments (3 given) exception in PK11 password callback TypeError: password_callback() takes exactly 4 arguments (3 given) Identifiant de connexion: admin Nom: Administrator Répertoire personnel: /home/users/admin Interpréteur de commande: /bin/bash Principal alias: ad...@clae.net UID: 5000 GID: 5000 Compte désactivé: False Mot de passe: True Membre des groupes: admins, trust admins Clés Kerberos disponibles: True The same command on h2 don't show this messages. Can someone help me with this, I take a look on google, but don't find any reference on this, and don't know where to start. Regards, Laurent.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project