<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes I can use ipa on cli<br>
<div class="moz-cite-prefix">On 11-09-2014 20:17, Petr Vobornik
wrote:<br>
</div>
<blockquote cite="mid:5411D910.4030209@redhat.com" type="cite">On
11.9.2014 13:36, Tevfik Ceydeliler wrote:
<br>
<blockquote type="cite">hi,
<br>
thnx for comment.
<br>
I really dont care sibgle sign on or something like that now :)
<br>
All I want I try to get back my ipa server :)
<br>
I check IPA status and :
<br>
[root@srv httpd]# ipactl status
<br>
Directory Service: RUNNING
<br>
KDC Service: RUNNING
<br>
KPASSWD Service: RUNNING
<br>
DNS Service: RUNNING
<br>
MEMCACHE Service: RUNNING
<br>
HTTP Service: RUNNING
<br>
CA Service: RUNNING
<br>
seems no problem ın that side.
<br>
Now I will resert my httpd error log and restart server.
<br>
<br>
[root@srv httpd]# more error_log
<br>
[Thu Sep 11 14:22:59 2014] [notice] caught SIGTERM, shutting
down
<br>
[Thu Sep 11 14:24:18 2014] [notice] SELinux policy enabled;
httpd running as
<br>
context system_u:system_r:httpd_t:s0
<br>
[Thu Sep 11 14:24:18 2014] [notice] suEXEC mechanism enabled
(wrapper:
<br>
/usr/sbin/suexec)
<br>
[Thu Sep 11 14:24:18 2014] [notice] Digest: generating secret
for digest
<br>
authentication ...
<br>
[Thu Sep 11 14:24:18 2014] [notice] Digest: done
<br>
[Thu Sep 11 14:24:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2
mod_auth_kerb/5.4
<br>
mod_nss/2.2.15 NSS/3.15.1 Basic ECC mod_wsgi/3.2 Python/2.6.6
configure
<br>
d -- resuming normal operations
<br>
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START
***
<br>
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START
***
<br>
<br>
And
<br>
<br>
[root@srv httpd]# service iptables status
<br>
iptables: Firewall is not running
<br>
<br>
Seems no problem here.
<br>
<br>
Which service not available?
<br>
</blockquote>
<br>
The "Service not available" is a generic browser 503 error or is
it displayed in FreeIPA Web UI (can you access Web UI, but it
doesn't work).
<br>
<br>
Does CLI work on the server?
<br>
<br>
<blockquote type="cite">
<br>
On 11-09-2014 14:18, Petr Vobornik wrote:
<br>
<blockquote type="cite">Hello Tevfik,
<br>
<br>
comments inline
<br>
<br>
On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
<br>
<blockquote type="cite">
<br>
Hi all,
<br>
I tried to do single sign on for FreeIPa Web UI according to
"4.3.3.
<br>
Configuring the Browser"
<br>
I did browser side and then turn back to server side. And
run those
<br>
command:
<br>
<br>
# scp /etc/krb5.conf
<a class="moz-txt-link-abbreviated" href="mailto:root@externalmachine.example.com:/etc/krb5_ipa.conf">root@externalmachine.example.com:/etc/krb5_ipa.conf</a>
<br>
and
<br>
</blockquote>
<br>
I assume that you want to configure the machine without
enrolling it as
<br>
FreeIPA client. If not, I would suggest you enrolling it as a
client using
<br>
ipa-client-install. Then you don't have to do anything else
except browser
<br>
config.
<br>
<br>
Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf
<br>
<br>
<blockquote type="cite">
<br>
vim /etc/httpd/conf.d/ipa.conf
<br>
<br>
and change this:
<br>
<br>
KrbMethodK5Passwd off --> to --> KrbMethodK5Passwd on
<br>
</blockquote>
<br>
FreeIPA's Web UI support forms-based auth so this is not
usually needed.
<br>
<br>
<blockquote type="cite">
<br>
and restart httpd.
<br>
<br>
Then nothing change. And then I rollback vim
/etc/httpd/conf.d/ipa.conf
<br>
<br>
Now when I try to open Web UI I get An popup error:
<br>
"Service Unavailable"
<br>
</blockquote>
<br>
run:
<br>
<br>
ipactl status
<br>
or
<br>
systemctl status httpd.service
<br>
<br>
or inspect
<br>
<br>
/var/log/httpd/error_log
<br>
<br>
to find out if web server is running - might not be the case
because of
<br>
invalid modifications in /etc/httpd/conf.d/ipa.conf , reason
should be in the log
<br>
<br>
<blockquote type="cite">
<br>
Have you any idea?
<br>
<br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<img src="cid:part1.06090700.00030204@astron.yasar.com.tr"
border="0"></div>
</body>
</html>
<table><tr><td bgcolor=#ffffff><font color=#000000><br><br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg"> </img><br>
<br><br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.<br>
</font></td></tr></table>