Figured it out.
Missing apache modules (not loaded). One of the following
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
I'm not sure which one, i just matched what was on the master and reinstalled
the replica - no errors. Been a long day so i don't feel like going through one
by one, uninstalling/reinstalling etc. I imagine its probably
mod_authz_groupfile.so, but others are probably needed too.
Regards,
Les
From: Les Stott
Sent: Monday, December 16, 2013 11:44 PM
To: freeipa-users@redhat.com
Subject: RE: [Freeipa-users] Trouble with replica install
Petr,
The below was the error from apache error logs
Apache logs the following error at the same time...
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
couldn't check access. No groups file?: /ipa/xml, referer:
https://replica.mydomain.com/ipa/xml
Other lines in the /var/log/httpd/error log at the same time...
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:
couldn't check access. No groups file?: /ipa/xml, referer:
https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as
context unconfined_u:system_r:httpd_t:s0
Regards,
Les
From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install
On 16.12.2013 10:55, Les Stott wrote:
Sorry, when I said selinux is in permissive mode, but it's the same as on
the master server, so it should be the issue. It should have read as
selinux is in permissive mode, but it's the same as on the master server, so
it should NOT be the issue.
Les
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
Sent: Monday, 16 December 2013 8:47 PM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] Trouble with replica install
Hi,
Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
Already setup master server, now trying to install replica (which I've done
before and its worked fine).
The replica install gets all the way to the end but errors out. For the most
part, it looks like it is complete, but I want to be sure there are no
lingering issues.
The error I see in the log is...(domain and ip's changed)
2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
Realm: MYDOMAIN.COM
DNS Domain: mydomain.com
IPA Server: replica.mydomain.com
BaseDN: dc=mydomain,dc=com
Domain mydomain.com is already configured in existing SSSD config, creating a
new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during
uninstall.
Configured /etc/sssd/sssd.conf
trying https://replica.mydomain.com/ipa/xml
Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
Traceback (most recent call last):
File /usr/sbin/ipa-client-install, line 2377, in module
sys.exit(main())
File /usr/sbin/ipa-client-install, line 2363, in main
rval = install(options, env, fstore, statestore)
File /usr/sbin/ipa-client-install, line 2167, in install
remote_env = api.Command['env'](server=True)['result']
File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 435, in
__call__
ret = self.run(*args, **options)
File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 1073, in
run
return self.forward(*args, **options)
File /usr/lib/python2.6/site-packages/ipalib/frontend.py, line 769, in
forward
return self.Backend.xmlclient.forward(self.name, *args, **kw)
File /usr/lib/python2.6/site-packages/ipalib/rpc.py, line 776, in forward
raise NetworkError(uri=server, error=e.errmsg)
ipalib.errors.NetworkError: cannot connect to
u'https://replica.mydomain.com/ipa/xml': Internal Server Error
Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
check error