Figured it out.
Missing apache modules (not loaded). One of the following
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
I'm not sure which one, i just matched what was on the master and reinstalled
the replica - no errors. Been a long day so i don't feel like going through one
by one, uninstalling/reinstalling etc. I imagine its probably
mod_authz_groupfile.so, but others are probably needed too.
Regards,
Les
From: Les Stott
Sent: Monday, December 16, 2013 11:44 PM
To: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Trouble with replica install
Petr,
The below was the error from apache error logs
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
> couldn't check access. No groups file?: /ipa/xml, referer:
> https://replica.mydomain.com/ipa/xml
Other lines in the /var/log/httpd/error log at the same time...
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
couldn't check access. No groups file?: /ipa/xml, referer:
https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as
context unconfined_u:system_r:httpd_t:s0
Regards,
Les
From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install
On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on
> the master server, so it should be the issue." It should have read as
> "selinux is in permissive mode, but it's the same as on the master server, so
> it should NOT be the issue."
>
> Les
>
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done
> before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most
> part, it looks like it is complete, but I want to be sure there are no
> lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
>
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a
> new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during
> uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>File "/usr/sbin/ipa-client-install", line 2377, in
> sys.exit(main())
>File "/usr/sbin/ipa-client-install", line 2363, in main
> rval = install(options, env, fstore, statestore)
>File "/usr/sbin/ipa-client-install", line 2167, in install
> remote_env = api.Command['env'](server=True)['result']
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in
> __call__
> ret = self.run(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in
> run
> return self.forward(*args, **options)
>File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in
> forward
> return self.Backend.xmlclient.forward(self.name, *args, **kw)
>File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
> raise NetworkError(uri=server, error=e.errmsg)
> ipalib.errors.NetworkError: cannot connect to
> u'https://replica.mydomain.com/ipa/xml': Internal Server Error
Please look int