[Freeipa-users] Error 500 on authentification from WebUI,

Laurent ARNAL lo73fr at gmail.com
Wed Dec 28 14:47:45 UTC 2016 

Hello,

I would apreciate some help to solve my issue on freeipa configuration.
I've got two host in my configuration h1, and a replica h2.
On host h2, everithing is working well.

On host h1, at the start, everything was working well, but since a few day,
I start received error when I login from Web UI interface.

I I do a curl on the login_password uri, I've got a 500 error:
curl -Lksi --data 'user=admin&password=mypass' https://h1.clae.net/ipa/
session/login_password
HTTP/1.1 500 Internal Server Error
Date: Wed, 28 Dec 2016 14:41:33 GMT
Server: Apache/2.4.25 (Fedora)
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
Content-Length: 610
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to complete
your request.</p>
<p>Please contact the server administrator at
 root at localhost to inform them of the time this error occurred,
 and the actions you performed just before this error.</p>
<p>More information about this error may be available
in the server error log.</p>

The same request on h2 return sucess
 curl -Lksi --data 'user=admin&password=mypass' https://h2.clae.net/ipa/
session/login_password
HTTP/1.1 200 Success
Date: Wed, 28 Dec 2016 14:43:13 GMT
Server: Apache/2.4.25 (Fedora)
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
Set-Cookie: ipa_session=bdb87cfe758fd050dd69f6c0ca9988a3; Domain=
kerclaei.clae.net; Path=/ipa; Expires=Wed, 28 Dec 2016 15:03:13 GMT;
Secure; HttpOnly
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

Looking at the apache log, I can see the following error on h1:

[Wed Dec 28 15:03:38.776075 2016] [wsgi:error] [pid 12804] ipa: DEBUG: WSGI
wsgi_dispatch.__call__:
[Wed Dec 28 15:03:38.776168 2016] [wsgi:error] [pid 12804] ipa: DEBUG: WSGI
login_password.__call__:
[Wed Dec 28 15:03:38.776348 2016] [wsgi:error] [pid 12804] ipa: DEBUG:
Obtaining armor ccache: principal=HTTP/h1.clae.net at CLAE.NET
keytab=/etc/httpd/conf/ipa.keytab
ccache=/var/run/ipa_memcached/krbcc_A_admin
[Wed Dec 28 15:03:38.776414 2016] [wsgi:error] [pid 12804] ipa: DEBUG:
Initializing principal HTTP/h1.clae.net at CLAE.NET using keytab
/etc/httpd/conf/ipa.keytab
[Wed Dec 28 15:03:38.776470 2016] [wsgi:error] [pid 12804] ipa: DEBUG:
using ccache /var/run/ipa_memcached/krbcc_A_admin
[Wed Dec 28 15:03:39.395270 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185] mod_wsgi (pid=12804): Exception occurred processing
WSGI script '/usr/share/ipa/wsgi.py'.
[Wed Dec 28 15:03:39.395330 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185] Traceback (most recent call last):
[Wed Dec 28 15:03:39.395358 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]   File "/usr/share/ipa/wsgi.py", line 63, in
application
[Wed Dec 28 15:03:39.395397 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]     return api.Backend.wsgi_dispatch(environ,
start_response)
[Wed Dec 28 15:03:39.395412 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 262, in
__call__
[Wed Dec 28 15:03:39.395440 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]     return self.route(environ, start_response)
[Wed Dec 28 15:03:39.395453 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 274, in
route
[Wed Dec 28 15:03:39.395477 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]     return app(environ, start_response)
[Wed Dec 28 15:03:39.395491 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 978, in
__call__
[Wed Dec 28 15:03:39.395514 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]     self.kinit(user, self.api.env.realm, password,
ipa_ccache_name)
[Wed Dec 28 15:03:39.395527 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]   File
"/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 1010, in
kinit
[Wed Dec 28 15:03:39.395564 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185]     raise CCacheError(message=unicode(e))
[Wed Dec 28 15:03:39.395589 2016] [wsgi:error] [pid 12804] [remote
192.168.254.1:61185] CCacheError: Major (851968): Unspecified GSS failure.
Minor code may provide more information, Minor (2529638936):
Preauthentication failed

I've also notice that running ipa command on h1, the command are running
ok, but with strange message about password_callback
ipa user-show admin
exception in PK11 password callback
TypeError: password_callback() takes exactly 4 arguments (3 given)
exception in PK11 password callback
TypeError: password_callback() takes exactly 4 arguments (3 given)
exception in PK11 password callback
TypeError: password_callback() takes exactly 4 arguments (3 given)
  Identifiant de connexion: admin
  Nom: Administrator
  Répertoire personnel: /home/users/admin
  Interpréteur de commande: /bin/bash
  Principal alias: admin at CLAE.NET
  UID: 5000
  GID: 5000
  Compte désactivé: False
  Mot de passe: True
  Membre des groupes: admins, trust admins
  Clés Kerberos disponibles: True

The same command on h2 don't show this messages.

Can someone help me with this, I take a look on google, but don't find any
reference on this, and don't know where to start.

Regards,
       Laurent.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161228/3bda2fb5/attachment.htm>

More information about the Freeipa-users mailing list