Re: [Freeipa-users] Trouble with replica install

2014-01-02 Thread Martin Kosek
Ah, I see this thread was resolved already, my MUA just failed to properly
attach it to the thread. Please disregard this mail then (but I was right with
the root cause though :)

Martin

On 01/02/2014 05:46 PM, Martin Kosek wrote:
 Hello Les,
 
 Did you manage to resolve the issue? I just got to it after the Christmas
 break. Reading a few resources online, this error seems to come from a
 misconfigured httpd when for example mod_authz_groupfile.so or
 mod_authz_user.so Apache modules are not loaded (I have them loaded in
 /etc/httpd/conf.modules.d/00-base.conf).
 
 Did you modify httpd configuration before you ran ipa-replica-install in any
 way?
 
 Martin
 

[Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Hi,

Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica (which I've done 
before and it's worked fine).

The replica install gets all the way to the end but errors out. For the most 
part, it looks like it is complete, but I want to be sure there are no 
lingering issues.

The error I see in the log is...(domain and ip's changed)


2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
Realm: MYDOMAIN.COM
DNS Domain: mydomain.com
IPA Server: replica.mydomain.com
BaseDN: dc=mydomain,dc=com
Domain mydomain.com is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
trying https://replica.mydomain.com/ipa/xml
Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 2377, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 2363, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 2167, in install
    remote_env = api.Command['env'](server=True)['result']
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in __call__
    ret = self.run(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in run
    return self.forward(*args, **options)
  File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in forward
    return self.Backend.xmlclient.forward(self.name, *args, **kw)
  File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
    raise NetworkError(uri=server, error=e.errmsg)
ipalib.errors.NetworkError: cannot connect to u'https://replica.mydomain.com/ipa/xml': Internal Server Error

2013-12-16T09:26:50Z INFO   File "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 614, in run_script
    return_value = main_function()

  File "/usr/sbin/ipa-replica-install", line 527, in main
    raise RuntimeError("Failed to configure the client")

2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: RuntimeError: Failed to configure the client
---

Apache logs the following error at the same time...

[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml

I can login to the gui and it seems ok, but I'm rolling this into production so 
I've got to get it right.

I'm hoping this is just some bug because it's an older freeipa on redhat 
(minimal install) etc. selinux is in permissive mode, but it's the same as on 
the master server, so it should be the issue.

Is this error critical? How can I fix it?

Thanks in advance,

Les
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Sorry, when I said "selinux is in permissive mode, but it's the same as on the 
master server, so it should be the issue." It should have read as "selinux is 
in permissive mode, but it's the same as on the master server, so it should NOT 
be the issue."

Les


Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Petr Spacek

On 16.12.2013 10:55, Les Stott wrote:

ipalib.errors.NetworkError: cannot connect to 
u'https://replica.mydomain.com/ipa/xml': Internal Server Error


Please look into /var/log/httpd/errors.log on server replica.mydomain.com and 
check error messages there.


Petr^2 Spacek





Re: [Freeipa-users] Trouble with replica install

2013-12-16 Thread Les Stott
Petr,

The below was the error from apache error logs

 Apache logs the following error at the same time...

 [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml

Other lines in the /var/log/httpd/error log at the same time...

[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  couldn't check access.  No groups file?: /ipa/xml, referer: https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0

Regards,

Les




Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Figured it out.

Missing apache modules (not loaded). One of the following

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

I'm not sure which one, I just matched what was on the master and reinstalled 
the replica - no errors. Been a long day so I don't feel like going through one 
by one, uninstalling/reinstalling etc. I imagine it's probably 
mod_authz_groupfile.so, but others are probably needed too.

Regards,

Les





Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Alexander Bokovoy

I wonder if this server was refurbished from some other task where
original configuration was already changed. FreeIPA install scripts
assume non-modified configuration files.


--
/ Alexander Bokovoy



Re: [Freeipa-users] Trouble with replica install - SOLVED

2013-12-16 Thread Les Stott
Alexander,

I think it was a case of a manually locked down (post install) system that had 
been previously built. The master was on a vm that was a newer build, but not 
done in the same way as the older server, so it had a more default out of the 
box configuration.

At least now I know to check this before installing the replica on existing 
machines.

Regards,

Les

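The pre-install check described in the last message, as an added example that is not from the thread or from FreeIPA: it compares the active LoadModule directives under two httpd config roots and reports which modules from the thread's list a hand-hardened replica candidate no longer loads. The function names and sample trees are constructed for illustration, and the script assumes all relevant `*.conf` files live under the given root; it does not evaluate `<IfModule>` blocks.

```sh
#!/bin/sh
# Added example, not code from the thread or from FreeIPA.
# Module identifiers below are the Apache 2.2 (RHEL 6) names listed in the thread.
AUTH_MODULES="auth_basic_module auth_digest_module authn_file_module
authn_alias_module authn_anon_module authn_dbm_module authn_default_module
authz_host_module authz_user_module authz_owner_module authz_groupfile_module
authz_dbm_module authz_default_module authnz_ldap_module"

# Print the unique module identifiers named by active LoadModule directives in
# every *.conf file under config root $1. Commented-out directives are skipped.
loaded_modules() {
    find "$1" -type f -name '*.conf' -exec cat {} + 2>/dev/null |
        awk 'tolower($1) == "loadmodule" && NF >= 3 { print $2 }' | sort -u
}

# Read module names from stdin; print those NOT loaded under config root $1.
not_loaded_in() {
    nl_loaded=$(loaded_modules "$1")
    while read -r nl_mod; do
        [ -n "$nl_mod" ] || continue
        printf '%s\n' "$nl_loaded" | grep -qxF -- "$nl_mod" ||
            printf '%s\n' "$nl_mod"
    done
}

# Auth modules from the thread's list that config root $1 does not load.
missing_auth_modules() {
    printf '%s\n' $AUTH_MODULES | not_loaded_in "$1"
}

# Modules loaded under baseline root $1 (a copy of the master's /etc/httpd)
# but not under candidate root $2 (the host about to become a replica).
missing_vs_baseline() {
    loaded_modules "$1" | not_loaded_in "$2"
}

# Constructed sample data: write a config root at $1 that loads every module in
# AUTH_MODULES, with the modules named in the remaining arguments commented
# out, as on a host that was locked down by hand.
write_sample_root() {
    ws_root=$1
    shift
    mkdir -p "$ws_root/conf"
    for ws_mod in $AUTH_MODULES; do
        ws_prefix=""
        for ws_off in "$@"; do
            if [ "$ws_off" = "$ws_mod" ]; then ws_prefix="#"; fi
        done
        printf '%sLoadModule %s modules/mod_%s.so\n' \
            "$ws_prefix" "$ws_mod" "${ws_mod%_module}"
    done > "$ws_root/conf/httpd.conf"
}

# Demo on constructed trees: stock "master", hardened "replica".
demo_dir=$(mktemp -d)
write_sample_root "$demo_dir/master"
write_sample_root "$demo_dir/replica" authz_user_module authz_groupfile_module
echo "Loaded on master, not on replica:"
missing_vs_baseline "$demo_dir/master" "$demo_dir/replica"
rm -rf "$demo_dir"
```

On a live host, `httpd -M` lists the modules the server actually loads, which also covers files pulled in from outside the config root.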