Ah, I see this thread was resolved already, my MUA just failed to properly attach it to the thread. Please disregard this mail then (but I was right with the root cause though :)
Martin On 01/02/2014 05:46 PM, Martin Kosek wrote: > Hello Les, > > Did you manage to resolve the issue? I just got to it after the Christmas > break. Reading few resources online, this error seems to come of a > misconfigured httpd when for example mod_authz_groupfile.so or > mod_authz_user.so Apache modules are not loaded (I have them loaded in > /etc/httpd/conf.modules.d/00-base.conf). > > Did you modify httpd configuration before you run ipa-replica-install in any > way? > > Martin > > On 12/16/2013 01:44 PM, Les Stott wrote: >> Petr, >> >> The below was the error from apache error logs.... >> >>> Apache logs the following error at the same time... >>> >>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration >>> error: couldn't check access. No groups file?: /ipa/xml, referer: >>> https://replica.mydomain.com/ipa/xml >> >> Other lines in the /var/log/httpd/error log at the same time... >> >> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START *** >> [Mon Dec 16 04:26:49 2013] [error] ipa: INFO: *** PROCESS START *** >> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration error: >> couldn't check access. No groups file?: /ipa/xml, referer: >> https://replica.mydomain.com/ipa/xml >> [Mon Dec 16 04:29:01 2013] [notice] caught SIGTERM, shutting down >> [Mon Dec 16 04:29:02 2013] [notice] SELinux policy enabled; httpd running as >> context unconfined_u:system_r:httpd_t:s0 >> >> Regards, >> >> Les >> >> ________________________________________ >> From: Petr Spacek [pspa...@redhat.com] >> Sent: Monday, December 16, 2013 10:38 PM >> To: Les Stott; freeipa-users@redhat.com >> Subject: Re: [Freeipa-users] Trouble with replica install >> >> On 16.12.2013 10:55, Les Stott wrote: >>> Sorry, when I said "selinux is in permissive mode, but it's the same as on >>> the master server, so it should be the issue." It should have read as >>> "selinux is in permissive mode, but it's the same as on the master server, >>> so it should NOT be the issue." >>> >>> Les >>> >>> From: freeipa-users-boun...@redhat.com >>> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Les Stott >>> Sent: Monday, 16 December 2013 8:47 PM >>> To: freeipa-users@redhat.com >>> Subject: [Freeipa-users] Trouble with replica install >>> >>> Hi, >>> >>> Running ipa-server-3.0.0-37.el6.x86_64 on rhel6. >>> Already setup master server, now trying to install replica (which I've done >>> before and its worked fine). >>> >>> The replica install gets all the way to the end but errors out. For the >>> most part, it looks like it is complete, but I want to be sure there are no >>> lingering issues. >>> >>> The error I see in the log is...(domain and ip's changed) >>> >>> ------------------------ >>> 2013-12-16T09:26:50Z DEBUG stderr=Hostname: replica.mydomain.com >>> Realm: MYDOMAIN.COM >>> DNS Domain: mydomain.com >>> IPA Server: replica.mydomain.com >>> BaseDN: dc=mydomain,dc=com >>> Domain mydomain.com is already configured in existing SSSD config, creating >>> a new one. >>> The old /etc/sssd/sssd.conf is backed up and will be restored during >>> uninstall. >>> Configured /etc/sssd/sssd.conf >>> trying https://replica.mydomain.com/ipa/xml >>> Forwarding 'env' to server u'https://replica.mydomain.com/ipa/xml' >>> Traceback (most recent call last): >>> File "/usr/sbin/ipa-client-install", line 2377, in <module> >>> sys.exit(main()) >>> File "/usr/sbin/ipa-client-install", line 2363, in main >>> rval = install(options, env, fstore, statestore) >>> File "/usr/sbin/ipa-client-install", line 2167, in install >>> remote_env = api.Command['env'](server=True)['result'] >>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 435, in >>> __call__ >>> ret = self.run(*args, **options) >>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 1073, >>> in run >>> return self.forward(*args, **options) >>> File "/usr/lib/python2.6/site-packages/ipalib/frontend.py", line 769, in >>> forward >>> return self.Backend.xmlclient.forward(self.name, *args, **kw) >>> File "/usr/lib/python2.6/site-packages/ipalib/rpc.py", line 776, in >>> forward >>> raise NetworkError(uri=server, error=e.errmsg) >> >>> ipalib.errors.NetworkError: cannot connect to >>> u'https://replica.mydomain.com/ipa/xml': Internal Server Error >> >> Please look into /var/log/httpd/errors.log on server replica.mydomain.com and >> check error messages there. >> >> Petr^2 Spacek >> >>> >>> 2013-12-16T09:26:50Z INFO File >>> "/usr/lib/python2.6/site-packages/ipaserver/install/installutils.py", line >>> 614, in run_script >>> return_value = main_function() >>> >>> File "/usr/sbin/ipa-replica-install", line 527, in main >>> raise RuntimeError("Failed to configure the client") >>> >>> 2013-12-16T09:26:50Z INFO The ipa-replica-install command failed, >>> exception: RuntimeError: Failed to configure the client >>> ------------------- >>> >>> Apache logs the following error at the same time... >>> >>> [Mon Dec 16 04:26:50 2013] [crit] [client 192.168.0.13] configuration >>> error: couldn't check access. No groups file?: /ipa/xml, referer: >>> https://replica.mydomain.com/ipa/xml >>> >>> I can login to the gui and it seems ok, but I'm rolling this into >>> production so I've got to get it right. >>> >>> I'm hoping this is just some bug because its an older freeipa on redhat >>> (minimal install) etc. selinux is in permissive mode, but it's the same as >>> on the master server, so it should be the issue. >>> >>> Is this error critical? How can I fix it? >>> >>> Thanks in advance, >>> >>> Les >> >> _______________________________________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/mailman/listinfo/freeipa-users >> > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users > _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
