[Freeipa-users] Unable to access to web ui
seli irithyl
seli.irithyl at gmail.com
Fri Jun 3 13:10:40 UTC 2016
# getcert list
returns 9 request ID. All 9 are in status "MONITORING" and expire after
2017.
So no expired certificate.
Number of certificates and requests being tracked: 9.
Request ID '20150313092422':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-BIOINF-LOCAL',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-BIOINF-LOCAL/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-BIOINF-LOCAL',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=lead.bioinf.local,O=BIOINF.LOCAL
expires: 2017-03-13 09:24:21 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv BIOINF-LOCAL
track: yes
auto-renew: yes
Request ID '20150313092456':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=lead.bioinf.local,O=BIOINF.LOCAL
expires: 2017-03-13 09:24:56 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
Request ID '20150710083112':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS
Certificate DB'
certificate:
type=NSSDB,location='/etc/pki/nssdb',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=lead.bioinf.local,O=BIOINF.LOCAL
expires: 2017-07-10 08:31:16 UTC
principal name: host/lead.bioinf.local at BIOINF.LOCAL
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20160106131740':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=CA Audit,O=BIOINF.LOCAL
expires: 2017-03-02 09:24:01 UTC
key usage: digitalSignature,nonRepudiation
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"auditSigningCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20160106131741':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=OCSP Subsystem,O=BIOINF.LOCAL
expires: 2017-03-02 09:24:00 UTC
key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
eku: id-kp-OCSPSigning
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"ocspSigningCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20160106131742':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=CA Subsystem,O=BIOINF.LOCAL
expires: 2017-03-02 09:24:01 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"subsystemCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20160106131743':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=Certificate Authority,O=BIOINF.LOCAL
expires: 2035-03-13 09:23:59 UTC
key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert
"caSigningCert cert-pki-ca"
track: yes
auto-renew: yes
Request ID '20160106131744':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS
Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=IPA RA,O=BIOINF.LOCAL
expires: 2017-03-02 09:24:16 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: /usr/lib64/ipa/certmonger/renew_ra_cert_pre
post-save command: /usr/lib64/ipa/certmonger/renew_ra_cert
track: yes
auto-renew: yes
Request ID '20160106131745':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB',pin set
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=BIOINF.LOCAL
subject: CN=lead.bioinf.local,O=BIOINF.LOCAL
expires: 2017-03-02 09:24:00 UTC
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth
pre-save command: /usr/lib64/ipa/certmonger/stop_pkicad
post-save command: /usr/lib64/ipa/certmonger/renew_ca_cert "Server-Cert
cert-pki-ca"
track: yes
auto-renew: yes
Do you use IPA with externally signed CA cert? Are they valid?
I don't think (but I don't know how to check this to be sure ?)
Thx for your help !
Seli
On Fri, Jun 3, 2016 at 1:15 PM, Petr Vobornik <pvoborni at redhat.com> wrote:
> On 06/03/2016 11:11 AM, seli irithyl wrote:
> > Sorry Martin,
> > I rebooted the IdM server:
> > [root at lead sssd]# ipactl status
> > Directory Service: RUNNING
> > krb5kdc Service: RUNNING
> > kadmin Service: RUNNING
> > ipa_memcached Service: RUNNING
> > httpd Service: RUNNING
> > pki-tomcatd Service: RUNNING
> > ipa-otpd Service: RUNNING
> > ipa: INFO: The ipactl command was successful
> >
> > I checked DNS and it is ok
> >
> > I can login from any host.
> >
> > Unfortunately when trying to run any ipa command:
> > [root at lead ~]# ipa service-find lead.bioinf.local
> > ipa: ERROR: cert validation failed for
> > "E=root at lead.bioinf.local
> ,CN=lead.bioinf.local,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--"
> > ((SEC_ERROR_CA_CERT_INVALID) Issuer certificate is invalid.)
> > ipa: ERROR: cannot connect to 'https://lead.bioinf.local/ipa/json':
> > (SEC_ERROR_CA_CERT_INVALID) Issuer certificate is invalid.
> >
> > Is anybody has an idea on where and what to check next ?
> > Thx,
> >
> > Seli
> >
>
> does
> # getcert list
>
> show any expired certificate?
>
> Do you use IPA with externally signed CA cert? Are they valid?
>
> >
> >
> > On Tue, May 31, 2016 at 8:33 AM, Martin Kosek <mkosek at redhat.com
> > <mailto:mkosek at redhat.com>> wrote:
> >
> > Hello Seli,
> >
> > Please reply to mailing list directly so that others can benefit
> from the
> > thread as well.
> >
> > Thanks,
> > Martin
> >
> > On 05/30/2016 06:17 PM, seli irithyl wrote:
> > > Freeipa version : 4.2.0-15.0.1.el7.centos.6.1
> > > FF: 45.1.1
> > > Could this problem be related to mod_ssl and mod_nss for httpd ?
> > > Looking the logs, it seems there are lots of problems, here are
> some
> > parts that
> > > look strange to me (and are probably unrelated) :
> > > 1 sssd:
> > > 1.1 krb5_child.log
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > [unpack_buffer]
> > > (0x0100): cmd [249] uid [1713400053] gid [1713400053] validate
> [true]
> > enterprise
> > > principal [false] offline [false] UPN [koto at BIOINF.LOCAL]
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > [k5c_setup_fast]
> > > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> > [host/lead.bioinf.local at BIOINF.LOCAL]
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > > [check_fast_ccache] (0x0200): FAST TGT is still valid.
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> [become_user]
> > > (0x0200): Trying to become user [1713400053][1713400053].
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > > [set_lifetime_options] (0x0100): SSSD_KRB5_RENEWABLE_LIFETIME is
> set to [7d]
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > > [set_lifetime_options] (0x0100): SSSD_KRB5_LIFETIME is set to [1d]
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > > [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set
> to [true]
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > > [sss_krb5_prompter] (0x0020): Cannot handle password prompts.
> > > (Mon May 30 17:18:05 2016) [[sssd[krb5_child[32832]]]]
> > [k5c_send_data]
> > > (0x0200): Received error code 0
> > > 1.2 sssd_bioinf.local.log
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [check_ccache_files] (0x0200): Failed to check ccache file
> > > [KEYRING:persistent:1713400031].
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [check_ccache_files] (0x0200): Failed to check ccache file
> > > [KEYRING:persistent:1713400053].
> > > ...
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [check_and_export_options] (0x0100): No KDC explicitly
> configured, using
> > defaults.
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [check_and_export_options] (0x0100): No kpasswd server explicitly
> configured,
> > > using the KDC or defaults.
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [parse_krb5_map_user] (0x0200): Warning: krb5_map_user is empty!
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [load_backend_module] (0x0200): no module name found in confdb,
> using [ipa].
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [common_parse_search_base] (0x0100): Search base added:
> > > [SUDO][ou=SUDOers,dc=bioinf,dc=local][SUBTREE][]
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > [check_ipv4_addr]
> > > (0x0200): Loopback IPv4 address 127.0.0.1
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > [check_ipv6_addr]
> > > (0x0200): Loopback IPv6 address ::1
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [load_backend_module] (0x0200): no module name found in confdb,
> using [ipa].
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [common_parse_search_base] (0x0100): Search base added:
> > > [AUTOFS][cn=default,cn=automount,dc=bioinf,dc=local][SUBTREE][]
> > > (Mon May 30 17:16:01 2016) [sssd[be[bioinf.local]]]
> > > [load_backend_module] (0x0200): no module name found in confdb,
> using [ipa].
> > > ...
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not
> parse
> > domain SID
> > > from [(null)]
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not
> parse
> > domain SID
> > > from [(null)]
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_idmap_domain_has_algorithmic_mapping] (0x0080): Could not
> parse
> > domain SID
> > > from [(null)]
> > > ...
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_process_group_send] (0x0040): No Members. Done!
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_process_group_send] (0x0040): No Members. Done!
> > > (Mon May 30 17:16:11 2016) [sssd[be[bioinf.local]]]
> > > [sdap_process_group_send] (0x0040): No Members. Done!
> > > ...
> > > 1.3 sssd_nss.log
> > > (Mon May 30 17:18:07 2016) [sssd[nss]] [calc_flat_name]
> > (0x0080): Flat
> > > name requested but domain has noflat name set, falling back to
> domain name
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_cmd_get_version]
> > (0x0200):
> > > Received client version [1].
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_cmd_get_version]
> > (0x0200):
> > > Offered version [1].
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_cmd_get_version]
> > (0x0200):
> > > Received client version [1].
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_cmd_get_version]
> > (0x0200):
> > > Offered version [1].
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_parse_name_for_domains]
> > > (0x0200): name 'root' matched without domain, user is root
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [nss_cmd_getbynam] (0x0100):
> > > Requesting info for [root] from [<ALL>]
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [nss_cmd_initgroups_search]
> > > (0x0080): No matching domain found for [root], fail!
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [sss_parse_name_for_domains]
> > > (0x0200): name 'root' matched without domain, user is root
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [nss_cmd_getbynam] (0x0100):
> > > Requesting info for [root] from [<ALL>]
> > > (Mon May 30 17:20:01 2016) [sssd[nss]]
> [nss_cmd_initgroups_search]
> > > (0x0080): No matching domain found for [root], fail!
> > > (Mon May 30 17:20:01 2016) [sssd[nss]] [client_recv]
> (0x0200):
> > Client
> > > disconnected!
> > > (Mon May 30 17:20:01 2016) [sssd[nss]] [client_recv]
> (0x0200):
> > Client
> > > disconnected!
> > >
> > > 2 pki : catalina.2016-05-30.log
> > > May 30, 2016 2:18:10 PM org.apache.coyote.AbstractProtocol
> init
> > > SEVERE: Failed to initialize end point associated with
> ProtocolHandler
> > > ["http-bio-8443"]
> > > java.net.BindException: Could not bind to address: (-5982)
> Local Network
> > > address is in use. <null>:8443
> > > at
> org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:411)
> > > at
> > >
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
> > > at
> > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
> > > at
> > >
> >
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
> > > at
> >
> org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > at
> > >
> >
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > at
> > >
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > at
> org.apache.catalina.startup.Catalina.load(Catalina.java:638)
> > > at
> org.apache.catalina.startup.Catalina.load(Catalina.java:663)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> > > at
> > >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > at
> > >
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > at java.lang.reflect.Method.invoke(Method.java:497)
> > > at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> > > at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> > > Caused by: java.net.BindException: Could not bind to address:
> > (-5982) Local
> > > Network address is in use.
> > > at org.mozilla.jss.ssl.SocketBase.socketBind(Native
> Method)
> > > at
> > org.mozilla.jss.ssl.SSLServerSocket.<init>(SSLServerSocket.java:159)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:937)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:929)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:924)
> > > at
> org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
> > > ... 17 more
> > > May 30, 2016 2:18:10 PM
> org.apache.catalina.core.StandardService
> > initInternal
> > > SEVERE: Failed to initialize connector
> [Connector[HTTP/1.1-8443]]
> > > org.apache.catalina.LifecycleException: Failed to initialize
> component
> > > [Connector[HTTP/1.1-8443]]
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106)
> > > at
> > >
> >
> org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > at
> > >
> org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:813)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > at
> org.apache.catalina.startup.Catalina.load(Catalina.java:638)
> > > at
> org.apache.catalina.startup.Catalina.load(Catalina.java:663)
> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> > > at
> > >
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > > at
> > >
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > > at java.lang.reflect.Method.invoke(Method.java:497)
> > > at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:280)
> > > at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:454)
> > > Caused by: org.apache.catalina.LifecycleException: Protocol
> handler
> > > initialization failed
> > > at
> >
> org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
> > > at
> > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
> > > ... 12 more
> > > Caused by: java.net.BindException: Could not bind to address:
> > (-5982) Local
> > > Network address is in use. <null>:8443
> > > at
> org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:411)
> > > at
> > >
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640)
> > > at
> > org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
> > > at
> > >
> >
> org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
> > > at
> >
> org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
> > > ... 13 more
> > > Caused by: java.net.BindException: Could not bind to address:
> > (-5982) Local
> > > Network address is in use.
> > > at org.mozilla.jss.ssl.SocketBase.socketBind(Native
> Method)
> > > at
> > org.mozilla.jss.ssl.SSLServerSocket.<init>(SSLServerSocket.java:159)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:937)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:929)
> > > at
> > >
> >
> org.apache.tomcat.util.net.jss.JSSSocketFactory.createSocket(JSSSocketFactory.java:924)
> > > at
> org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:398)
> > > ... 17 more
> > >
> > > 3. dirsrv
> > > [26/May/2016:12:14:10 +0200] - WARNING: userRoot: entry
> cache size
> > 512000B
> > > is less than db size 1163264B; We recommend to increase the entry
> cache size
> > > nsslapd-cachememsize.
> > > [26/May/2016:12:14:10 +0200] - WARNING: ipaca: entry cache
> size
> > 512000B is
> > > less than db size 1015808B; We recommend to increase the entry
> cache size
> > > nsslapd-cachememsize.
> > > [26/May/2016:12:14:10 +0200] - WARNING: changelog: entry
> cache size
> > 512000B
> > > is less than db size 10100736B; We recommend to increase the
> entry cache size
> > > nsslapd-cachememsize.
> > > [26/May/2016:12:14:10 +0200] schema-compat-plugin - scheduled
> > > schema-compat-plugin tree scan in about 5 seconds after the
> server startup!
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=dns,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=dns,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=keys,cn=sec,cn=dns,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=dns,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=dns,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=groups,cn=compat,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=computers,cn=compat,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=ng,cn=compat,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > ou=sudoers,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=users,cn=compat,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=vaults,cn=kra,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > > cn=ad,cn=etc,dc=bioinf,dc=local does not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > cn=casigningcert
> > > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bioinf,dc=local does
> not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> > cn=casigningcert
> > > cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=bioinf,dc=local does
> not exist
> > > [26/May/2016:12:14:10 +0200] NSACLPlugin - The ACL target
> cn=automember
> > > rebuild membership,cn=tasks,cn=config does not exist
> > > [26/May/2016:12:14:10 +0200] - Skipping CoS Definition
> cn=Password
> > > Policy,cn=accounts,dc=bioinf,dc=local--no CoS Templates found,
> which
> > should be
> > > added before the CoS Definition.
> > > [26/May/2016:12:14:10 +0200] schema-compat-plugin -
> schema-compat-plugin
> > > tree scan will start in about 5 seconds!
> > > [26/May/2016:12:14:10 +0200] - slapd started. Listening on
> All
> > Interfaces
> > > port 389 for LDAP requests
> > > [26/May/2016:12:14:10 +0200] - Listening on All Interfaces
> port 636 for
> > > LDAPS requests
> > > [26/May/2016:12:14:10 +0200] - Listening on
> > > /var/run/slapd-BIOINF-LOCAL.socket for LDAPI requests
> > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - warning:
> no
> > entries set
> > > up under ou=sudoers,dc=bioinf,dc=local
> > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - warning:
> no
> > entries set
> > > up under cn=ng, cn=compat,dc=bioinf,dc=local
> > > [26/May/2016:12:14:15 +0200] schema-compat-plugin - Finished
> plugin
> > > initialization.
> > >
> > >
> > > On Mon, May 30, 2016 at 4:46 PM, Martin Kosek <mkosek at redhat.com
> > <mailto:mkosek at redhat.com>
> > > <mailto:mkosek at redhat.com <mailto:mkosek at redhat.com>>> wrote:
> > >
> > > On 05/30/2016 04:36 PM, Martin Basti wrote:
> > > >
> > > >
> > > > On 30.05.2016 14:20, seli irithyl wrote:
> > > >> Hi,
> > > >>
> > > >> Since last update, I'am unable to log in to web ui with FF
> (e.g.
> > blank page)
> > > >> Any idea where too look for ?
> > > >>
> > > >> Best regards,
> > > >>
> > > >> Seli
> > > >>
> > > >>
> > > >>
> > > >>
> > > >>
> > > > Hello,
> > > >
> > > > can you provide version of the freeIPA, firefox. Does it
> work from
> > different
> > > > browser? does it work from private mode?
> > >
> > > + does [CTRL]+F5 helps? Do advise in
> > > http://www.freeipa.org/page/Troubleshooting#Web_UI
> > > help?
> > >
> > >
> >
> >
> >
> >
>
>
> --
> Petr Vobornik
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160603/112bd55d/attachment.htm>
More information about the Freeipa-users
mailing list