[Freeipa-users] Configuring httpd error when selinux is permissive

郑磊 zhenglei at kylinos.cn
Tue Nov 8 08:33:01 UTC 2016 

Hello everyone,
I have been setting up freeipa(its version is 4.3.1) on Ubuntu. Selinux is enable, and its mode is permissive. I  met a problem at configuring the httpd process, but the process won't be  interrupted. The configuration information is as follows:
Configuring the web interface (httpd). Estimated time: 1 minute
  [1/20]: setting mod_nss port to 443
  [2/20]: setting mod_nss cipher suite
  [3/20]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [4/20]: setting mod_nss password file
  [5/20]: enabling mod_nss renegotiate
  [6/20]: adding URL rewriting rules
  [7/20]: configuring httpd
  [8/20]: configure certmonger for renewals
  [9/20]: setting up httpd keytab
  [10/20]: setting up ssl
  [11/20]: importing CA certificates from LDAP
  [12/20]: publish CA cert
  [13/20]: clean up any existing httpd ccache
  [14/20]: configuring SELinux for httpd
ipa.ipaplatform.redhat.tasks:  ERROR    Cannot get SELinux boolean 'httpd_run_ipa': Command  '/usr/sbin/getsebool httpd_run_ipa' returned non-zero exit status 255
WARNING: Could not set SELinux booleans: httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on

The web interface may not function correctly until 
the booleans are successfully changed with the command:
    /usr/sbin/setsebool -P httpd_can_network_connect=on httpd_run_ipa=on httpd_manage_ipa=on
Try updating the policycoreutils and selinux-policy packages.
  [15/20]: create KDC proxy user
  [16/20]: create KDC proxy config
  [17/20]: enable KDC proxy
  [18/20]: restarting httpd
  [19/20]: configuring httpd to start on boot
  [20/20]: enabling oddjobd
Done configuring the web interface (httpd).
Is there anyone can help me?

Thanks!





------------------
祝:
    工作顺利!生活愉快!
--------------------------
长沙研发中心 郑磊 
电话:18684703229
邮箱:zhenglei at kylinos.cn
公司:天津麒麟信息技术有限公司
地址:湖南长沙市开福区三一大道工美大厦十四楼
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161108/732e94fe/attachment.htm>

More information about the Freeipa-users mailing list