Disregard this part
>>Also, I don't see a server.conf file at /etc/ipa so that I
may enable debugging. What can you suggest for this issue?
The file is
/etc/ipa/default.conf. I should have looked before replying.
I have uploaded the httpd error_log to pastebin for review.
https://pastebin.com/RpK5EZQr
________________________________
From: Jeremy Tourville <jeremy_tourville(a)hotmail.com>
Sent: Tuesday, September 7, 2021 11:09 AM
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Florence Renaud <flo(a)redhat.com>
Subject: Re: [Freeipa-users] Re: Why is ipa-ods-exporter broken after running
ipa-dns-install? (Was - Unable to start directory server after updates)
I think I see the issue but I am unsure what to do to fix it. See below.
To answer your question, yes I did accept the security exception.
Also, I don't see a server.conf file at /etc/ipa so that I may enable debugging. What
can you suggest for this issue?
[root@utility ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-ods-exporter Service: STOPPED
ods-enforcerd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[root@utility ~]# kinit admin
Password for admin(a)IDM.NAC-ISSA.ORG:
[root@utility ~]# klist
Ticket cache: KCM:0:43616
Default principal: admin(a)IDM.NAC-ISSA.ORG
Valid starting Expires Service principal
09/07/2021 10:59:23 09/08/2021 10:09:04 krbtgt/IDM.NAC-ISSA.ORG(a)IDM.NAC-ISSA.ORG
[root@utility ~]# ipa config-show
ipa: ERROR: cannot connect to 'https://utility.idm.nac-issa.org/ipa/json': [SSL:
CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)
________________________________
From: Florence Renaud <flo(a)redhat.com>
Sent: Tuesday, September 7, 2021 10:47 AM
To: FreeIPA users list <freeipa-users(a)lists.fedorahosted.org>
Cc: Jeremy Tourville <jeremy_tourville(a)hotmail.com>
Subject: Re: [Freeipa-users] Re: Why is ipa-ods-exporter broken after running
ipa-dns-install? (Was - Unable to start directory server after updates)
Hi Jeremy,
Did you accept the security exception displayed by the browser (I'm trying to
eliminate obvious issues)?
If nothing is displayed, can you check if ipa command-line is working as expected (for
instance do "kinit admin; ipa config-show")?
You may want to enable debug logs (add debug=True to the [global] section of
/etc/ipa/server.conf and restart httpd service), retry WebUI authentication and check the
generated logs in /var/log/http/error_log
flo
On Tue, Sep 7, 2021 at 2:01 PM Jeremy Tourville via FreeIPA-users
<freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>>
wrote:
OK,
Why don't I see anything on the initial login page?
All I see is the URL and the fact that the certificate is not trusted. The certificate is
not expired yet. Not until Nov 2021.
The login in page is mostly solid white with no login or password field.
_______________________________________________
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave@lists.fedorahosted.org<mailto:freeipa-users-leave@lists.fedorahosted.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure