[Freeipa-users] FreeIPA Web UI error: Service Unavailable

Petr Vobornik pvoborni at redhat.com
Thu Sep 11 17:17:04 UTC 2014 

On 11.9.2014 13:36, Tevfik Ceydeliler wrote:
> hi,
> thnx for comment.
> I really dont care  sibgle sign on or something like that now :)
> All I want I try to get back my ipa server :)
> I check IPA status and :
> [root at srv httpd]# ipactl status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> DNS Service: RUNNING
> MEMCACHE Service: RUNNING
> HTTP Service: RUNNING
> CA Service: RUNNING
> seems no problem ın that side.
> Now I will resert my httpd error log and restart server.
>
> [root at srv httpd]# more error_log
> [Thu Sep 11 14:22:59 2014] [notice] caught SIGTERM, shutting down
> [Thu Sep 11 14:24:18 2014] [notice] SELinux policy enabled; httpd running as
> context system_u:system_r:httpd_t:s0
> [Thu Sep 11 14:24:18 2014] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Sep 11 14:24:18 2014] [notice] Digest: generating secret for digest
> authentication ...
> [Thu Sep 11 14:24:18 2014] [notice] Digest: done
> [Thu Sep 11 14:24:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_auth_kerb/5.4
> mod_nss/2.2.15 NSS/3.15.1 Basic ECC mod_wsgi/3.2 Python/2.6.6 configure
> d -- resuming normal operations
> [Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
> [Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
>
> And
>
> [root at srv httpd]# service iptables status
> iptables: Firewall is not running
>
> Seems no problem here.
>
> Which service not available?

The "Service not available" is a generic browser 503 error or is it 
displayed in FreeIPA Web UI (can you access Web UI, but it doesn't work).

Does CLI work on the server?

>
> On 11-09-2014 14:18, Petr Vobornik wrote:
>> Hello Tevfik,
>>
>> comments inline
>>
>> On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
>>>
>>> Hi all,
>>> I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
>>> Configuring the Browser"
>>> I did browser side and then turn back to server side. And run those
>>> command:
>>>
>>> # scp /etc/krb5.conf root at externalmachine.example.com:/etc/krb5_ipa.conf
>>> and
>>
>> I assume that you want to configure the machine without enrolling it as
>> FreeIPA client. If not, I would suggest you enrolling it as a client using
>> ipa-client-install. Then you don't have to do anything else except browser
>> config.
>>
>> Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf
>>
>>>
>>> vim /etc/httpd/conf.d/ipa.conf
>>>
>>> and change this:
>>>
>>> KrbMethodK5Passwd off  --> to --> KrbMethodK5Passwd on
>>
>> FreeIPA's Web UI support forms-based auth so this is not usually needed.
>>
>>>
>>> and restart httpd.
>>>
>>> Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf
>>>
>>> Now when I try to open Web UI I get An popup error:
>>> "Service Unavailable"
>>
>> run:
>>
>>     ipactl status
>> or
>>     systemctl status httpd.service
>>
>> or inspect
>>
>>    /var/log/httpd/error_log
>>
>> to find out if web server is running - might not be the case because of
>> invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should be in the log
>>
>>>
>>> Have you any idea?
>>>
-- 
Petr Vobornik

More information about the Freeipa-users mailing list