Disregard this part
>>>Also, I don't see a server.conf file at /etc/ipa so that I may enable
>>>debugging. What can you suggest for this issue?
The file is /etc/ipa/default.conf. I should have looked before replying.
I have uploaded the httpd error_log to pastebin for review.
Hi Jeremy,
Did you accept the security exception displayed by the browser (I'm trying
to eliminate obvious issues)?
If nothing is displayed, can you check if ipa command-line is working as
expected (for instance do "kinit admin; ipa config-show")?
You may want to enable debug logs (add debug=True
I think I see the issue but I am unsure what to do to fix it. See below.
To answer your question, yes I did accept the security exception.
Also, I don't see a server.conf file at /etc/ipa so that I may enable
debugging. What can you suggest for this issue?
[root@utility ~]# ipactl status
/var/lib/ipa/certs/httpd.crt
looks valid and has a 3 year validity date starting from Nov 23, 2020
/etc/ipa/ca.crt
looks valid and has a 20 year validity date starting from Nov 23, 2020
From: Florence Renaud
Sent: Tuesday, September 7, 2021 11:38 AM
To: Jeremy
Thanks!
I compared between a working one and this and the output looked the same. I
did not see anything obvious.
Instead of continuing to spin my wheels I decided to go the route of just
blowing the whole replica away and recreating it - Problem solved!
:-)
On Thu, Sep 2, 2021 at 4:47 PM Rob
Hi Jeremy,
to enable debugging you can simply create /etc/ipa/server.conf if the file
does not exist:
# cat /etc/ipa/server.conf
[global]
debug=True
# systemctl restart httpd
The HTTPd certificate is stored in /var/lib/ipa/certs/httpd.crt, you can
examine its content with
# openssl x509 -noout
Hi,
ipa-ods-exporter is a socket-activated service, and ipactl status may show
it as STOPPED. That's not an issue (and you can see the status of ipactl as
successful) as the socket is still listening on events and will wake the
service on demand.
If it is started manually without the appropriate
OK,
Why don't I see anything on the initial login page?
All I see is the URL and the fact that the certificate is not trusted. The
certificate is not expired yet. Not until Nov 2021.
The login in page is mostly solid white with no login or password field.