Petr,

The below was the error from apache error logs....

> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml

Other lines in the /var/log/httpd/error log at the same time...

[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START ***
[Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
couldn't check access.  No groups file?: /ipa/xml, referer: 
https://replica.mydomain.com/ipa/xml
[Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down
[Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as 
context unconfined_u:system_r:httpd_t:s0

Regards,

Les

________________________________________
From: Petr Spacek [pspa...@redhat.com]
Sent: Monday, December 16, 2013 10:38 PM
To: Les Stott; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Trouble with replica install

On 16.12.2013 10:55, Les Stott wrote:
> Sorry, when I said "selinux is in permissive mode, but it's the same as on 
> the master server, so it should be the issue." It should have read as 
> "selinux is in permissive mode, but it's the same as on the master server, so 
> it should NOT be the issue."
>
> Les
>
> From: freeipa-users-boun...@redhat.com 
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott
> Sent: Monday, 16 December 2013 8:47 PM
> To: freeipa-users@redhat.com
> Subject: [Freeipa-users] Trouble with replica install
>
> Hi,
>
> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6.
> Already setup master server, now trying to install replica (which I've done 
> before and its worked fine).
>
> The replica install gets all the way to the end but errors out. For the most 
> part, it looks like it is complete, but I want to be sure there are no 
> lingering issues.
>
> The error I see in the log is...(domain and ip's changed)
>
> ------------------------
> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com
> Realm: MYDOMAIN.COM
> DNS Domain: mydomain.com
> IPA Server: replica.mydomain.com
> BaseDN: dc=mydomain,dc=com
> Domain mydomain.com is already configured in existing SSSD config, creating a 
> new one.
> The old /etc/sssd/sssd.conf is backed up and will be restored during 
> uninstall.
> Configured /etc/sssd/sssd.conf
> trying https://replica.mydomain.com/ipa/xml
> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml'
> Traceback (most recent call last):
>    File "/usr/sbin/ipa-client-install", line 2377, in <module>
>      sys.exit(main())
>    File "/usr/sbin/ipa-client-install", line 2363, in main
>      rval = install(options, env, fstore, statestore)
>    File "/usr/sbin/ipa-client-install", line 2167, in install
>      remote_env = api.Command['env'](server=True)['result']
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in 
> __call__
>      ret = self.run(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, in 
> run
>      return self.forward(*args, **options)
>    File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in 
> forward
>      return self.Backend.xmlclient.forward(self.name, *args, **kw)
>    File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in forward
>      raise NetworkError(uri=server, error=e.errmsg)

> ipalib.errors.NetworkError: cannot connect to 
> u'https://replica.mydomain.com/ipa/xml': Internal Server Error

Please look into /var/log/httpd/errors.log on server replica.mydomain.com and
check error messages there.

Petr^2 Spacek

>
> 2013-12-16T09:26:50Z INFO   File 
> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line 
> 614, in run_script
>      return_value = main_function()
>
>    File "/usr/sbin/ipa-replica-install", line 527, in main
>      raise RuntimeError("Failed to configure the client")
>
> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, exception: 
> RuntimeError: Failed to configure the client
> -------------------
>
> Apache logs the following error at the same time...
>
> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error:  
> couldn't check access.  No groups file?: /ipa/xml, referer: 
> https://replica.mydomain.com/ipa/xml
>
> I can login to the gui and it seems ok, but I'm rolling this into production 
> so I've got to get it right.
>
> I'm hoping this is just some bug because its an older freeipa on redhat 
> (minimal install) etc. selinux is in permissive mode, but it's the same as on 
> the master server, so it should be the issue.
>
> Is this error critical? How can I fix it?
>
> Thanks in advance,
>
> Les

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to