[Freeipa-users] Web UI unavailable after 4.4 upgrade - 400 error
Rob Crittenden
rcritten at redhat.com
Tue May 9 18:18:03 UTC 2017
Pete Fuller wrote:
> From the cli - it looks like the answers I’m getting are actually coming
> from one of my non-upgraded servers.The window for those servers is
> later tonight. The request gets denied on the localhost it seems.
>
> (Lb3 is the local server. Ipa11 is offsite server that has not been
> upgraded)
It is getting a 400 from lb3 so falling back to ipa11.
I'm not sure why Apache is throwing the 400. It sure seems like it is
failing before it gets to IPA though given that nothing is logged. You
can try setting LogLevel debug in /etc/httpd/conf.d/nss.conf and
restarting to get additional debug logging out of Apache, that might
provide some insight.
Or you can diff the working and non-working ipa* conf files in
/etc/httpd/conf.d.
rob
>
> [pfuller at lb3 ~]$ ipa -vvv user-show admin
> ipa: INFO: trying https://lb3.sac.3si/ipa/json
> ipa: INFO: Request: {
> "id": 0,
> "method": "ping",
> "params": [
> [],
> {}
> ]
> }
> send: u'POST /ipa/json HTTP/1.1\r\nHost: lb3.sac.3si\r\nAccept-Encoding:
> gzip\r\nAccept-Language: en-us\r\nReferer:
> https://lb3.sac.3si/ipa/xml\r\nAuthorization: negotiate
> YIICRwYJKoZIhvcSAQICAQBuggI2MIICMqADAgEFoQMCAQ6iBwMFACAAAACjggFMYYIBSDCCAUSgAwIBBaEJGwdTQUMuM1NJoh4wHKADAgEDoRUwExsESFRUUBsLbGIzLnNhYy4zc2mjggEQMIIBDKADAgESoQMCAQKigf8Egfw9Y4DEIZmX3gITIPK11rvcTf0HhPKGCAEsHKQCUTxQp1eXXl8b5vDJ/0eN6aKq23jlNcQAA4OmHLj87I/uJc4EtcXIBmFIisPr5rEIf/6haUtALoL0OJKBIbITpWDB+2IwXobDHA2/IS6TUsZx2yAseJdL4z+q6H0NfuPh3dvFmlYkY6YavX/ZG98J8IrcIqolX5YDCWBqncHZolZXbfhVCLuO9q++F+dzv6OlKLkVg0g3RTd6qkpZvy+6UyhctDbpWXB2J3oN5kkb9tqsZnG7Z/1mOUqiBVaEYKkm0jEKOVm8b1uIDeLF3vMIWli6hCnwGxW47JseV+EjGsekgcwwgcmgAwIBEqKBwQSBvgcl6IIwRu2/C0xB8WFgRQ3VfBdFwL4HtdnyOPCIx8eIHfcL6yyVvUJDMWXF9Pn7K6oDHGzKSFCVJilubuywBIhWBa/fbElFVcNfho6kGjrGZZuXGM25y28xenEFSoN6PKjl81N92gjlRdLo1QZ4YkxO9Re278sCJ8QwVb9jj7lZsJoVlut+lF0LVfgJ9AIzgmtGBBeyTNVPAcLwIDAlM7zSxTYwlOsEV8SFyrA0RSr90HrELQpotUYVeL6CgGo=\r\nUser-Agent:
> xmlrpclib.py/1.0.1 (by www.pythonware.com
> <http://www.pythonware.com>)\r\nContent-Type:
> application/json\r\nContent-Length: 47\r\n\r\n{"params": [[], {}],
> "method": "ping", "id": 0}'
> reply: 'HTTP/1.1 400 Bad Request\r\n'
> header: Date: Mon, 08 May 2017 18:04:19 GMT
> header: Server: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0
> mod_auth_kerb/5.4 mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4
> Python/2.7.5
> header: Content-Length: 347
> header: Connection: close
> header: Content-Type: text/html; charset=iso-8859-1
> ipa: INFO: trying https://ipa11.be.3si/ipa/json
> ipa: INFO: Request: {
> "id": 0,
> "method": "ping",
> "params": [
> [],
> {}
> ]
> }
>
>
>
> Not seeing much in the http logs
>
> [Mon May 08 10:59:12.855952 2017] [mpm_prefork:notice] [pid 25471]
> AH00170: caught SIGWINCH, shutting down gracefully
> [Mon May 08 10:59:14.776824 2017] [suexec:notice] [pid 26007] AH01232:
> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Mon May 08 10:59:14.777094 2017] [:warn] [pid 26007]
> NSSSessionCacheTimeout is deprecated. Ignoring.
> [Mon May 08 10:59:15.044478 2017] [auth_digest:notice] [pid 26007]
> AH01757: generating secret for digest authentication ...
> [Mon May 08 10:59:15.045068 2017] [lbmethod_heartbeat:notice] [pid
> 26007] AH02282: No slotmem from mod_heartmonitor
> [Mon May 08 10:59:15.045085 2017] [:warn] [pid 26007]
> NSSSessionCacheTimeout is deprecated. Ignoring.
> [Mon May 08 10:59:15.053163 2017] [mpm_prefork:notice] [pid 26007]
> AH00163: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_auth_kerb/5.4
> mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured
> -- resuming normal operations
> [Mon May 08 10:59:15.053200 2017] [core:notice] [pid 26007] AH00094:
> Command line: '/usr/sbin/httpd -D FOREGROUND'
> [Mon May 08 10:59:15.321418 2017] [:error] [pid 26014] ipa: DEBUG:
> importing all plugin modules in ipaserver.plugins...
> [Mon May 08 10:59:15.322362 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.aci
> [Mon May 08 10:59:15.345957 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.automember
> [Mon May 08 10:59:15.364950 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.automount
> [Mon May 08 10:59:15.370011 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.baseldap
> [Mon May 08 10:59:15.370124 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.baseldap is not a valid plugin module
> [Mon May 08 10:59:15.370198 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.baseuser
> [Mon May 08 10:59:15.404084 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.batch
> [Mon May 08 10:59:15.404901 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ca <http://ipaserver.plugins.ca>
> [Mon May 08 10:59:15.451277 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.caacl
> [Mon May 08 10:59:15.451621 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.cert
> [Mon May 08 10:59:15.451817 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.certprofile
> [Mon May 08 10:59:15.451978 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.config
> [Mon May 08 10:59:15.462890 2017] [:error] [pid 26013] ipa: DEBUG:
> importing all plugin modules in ipaserver.plugins...
> [Mon May 08 10:59:15.463836 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.aci
> [Mon May 08 10:59:15.471193 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.delegation
> [Mon May 08 10:59:15.473733 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dns
> [Mon May 08 10:59:15.487747 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.automember
> [Mon May 08 10:59:15.545605 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.automount
> [Mon May 08 10:59:15.551746 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.baseldap
> [Mon May 08 10:59:15.551868 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.baseldap is not a valid plugin module
> [Mon May 08 10:59:15.551933 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.baseuser
> [Mon May 08 10:59:15.585986 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.batch
> [Mon May 08 10:59:15.586780 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ca <http://ipaserver.plugins.ca>
> [Mon May 08 10:59:15.618924 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.caacl
> [Mon May 08 10:59:15.619251 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.cert
> [Mon May 08 10:59:15.619444 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.certprofile
> [Mon May 08 10:59:15.619593 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.config
> [Mon May 08 10:59:15.628108 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.delegation
> [Mon May 08 10:59:15.630461 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dns
> [Mon May 08 10:59:15.638060 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dnsserver
> [Mon May 08 10:59:15.639672 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dogtag
> [Mon May 08 10:59:15.702799 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.domainlevel
> [Mon May 08 10:59:15.704065 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.group
> [Mon May 08 10:59:15.734874 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbac
> [Mon May 08 10:59:15.735067 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.hbac is not a valid plugin module
> [Mon May 08 10:59:15.735130 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacrule
> [Mon May 08 10:59:15.735438 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacsvc
> [Mon May 08 10:59:15.736517 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacsvcgroup
> [Mon May 08 10:59:15.739023 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbactest
> [Mon May 08 10:59:15.741672 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.host
> [Mon May 08 10:59:15.753983 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hostgroup
> [Mon May 08 10:59:15.754187 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.idrange
> [Mon May 08 10:59:15.757489 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.idviews
> [Mon May 08 10:59:15.757839 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.internal
> [Mon May 08 10:59:15.761469 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.join
> [Mon May 08 10:59:15.762598 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.krbtpolicy
> [Mon May 08 10:59:15.763800 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ldap2
> [Mon May 08 10:59:15.764794 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.location
> [Mon May 08 10:59:15.766411 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.migration
> [Mon May 08 10:59:15.770396 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dnsserver
> [Mon May 08 10:59:15.771955 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.dogtag
> [Mon May 08 10:59:15.775364 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.misc
> [Mon May 08 10:59:15.776219 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.netgroup
> [Mon May 08 10:59:15.776408 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otp
> [Mon May 08 10:59:15.776572 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.otp is not a valid plugin module
> [Mon May 08 10:59:15.776635 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otpconfig
> [Mon May 08 10:59:15.777846 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otptoken
> [Mon May 08 10:59:15.783145 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.passwd
> [Mon May 08 10:59:15.784323 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.permission
> [Mon May 08 10:59:15.791777 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ping
> [Mon May 08 10:59:15.792052 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.pkinit
> [Mon May 08 10:59:15.792211 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.pkinit is not a valid plugin module
> [Mon May 08 10:59:15.792278 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.privilege
> [Mon May 08 10:59:15.792476 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.pwpolicy
> [Mon May 08 10:59:15.794119 2017] [:error] [pid 26014] ipa: DEBUG:
> Starting external process
> [Mon May 08 10:59:15.794199 2017] [:error] [pid 26014] ipa: DEBUG:
> args=klist -V
> [Mon May 08 10:59:15.799162 2017] [:error] [pid 26014] ipa: DEBUG:
> Process finished, return code=0
> [Mon May 08 10:59:15.799259 2017] [:error] [pid 26014] ipa: DEBUG:
> stdout=Kerberos 5 version 1.14.1
> [Mon May 08 10:59:15.799265 2017] [:error] [pid 26014]
> [Mon May 08 10:59:15.799321 2017] [:error] [pid 26014] ipa: DEBUG: stderr=
> [Mon May 08 10:59:15.802573 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.rabase
> [Mon May 08 10:59:15.802689 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.rabase is not a valid plugin module
> [Mon May 08 10:59:15.802750 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.radiusproxy
> [Mon May 08 10:59:15.805507 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.realmdomains
> [Mon May 08 10:59:15.809372 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.role
> [Mon May 08 10:59:15.810962 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.schema
> [Mon May 08 10:59:15.837359 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.domainlevel
> [Mon May 08 10:59:15.838697 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.group
> [Mon May 08 10:59:15.845807 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.selfservice
> [Mon May 08 10:59:15.847834 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.selinuxusermap
> [Mon May 08 10:59:15.848073 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.server
> [Mon May 08 10:59:15.869002 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbac
> [Mon May 08 10:59:15.869202 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.hbac is not a valid plugin module
> [Mon May 08 10:59:15.869281 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacrule
> [Mon May 08 10:59:15.869568 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacsvc
> [Mon May 08 10:59:15.870643 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbacsvcgroup
> [Mon May 08 10:59:15.873201 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hbactest
> [Mon May 08 10:59:15.875843 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.host
> [Mon May 08 10:59:15.888407 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.hostgroup
> [Mon May 08 10:59:15.888593 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.idrange
> [Mon May 08 10:59:15.891897 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.idviews
> [Mon May 08 10:59:15.892257 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.internal
> [Mon May 08 10:59:15.895872 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.join
> [Mon May 08 10:59:15.897012 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.krbtpolicy
> [Mon May 08 10:59:15.898211 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ldap2
> [Mon May 08 10:59:15.899184 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.location
> [Mon May 08 10:59:15.900768 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.migration
> [Mon May 08 10:59:15.909770 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.misc
> [Mon May 08 10:59:15.910620 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.netgroup
> [Mon May 08 10:59:15.910806 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otp
> [Mon May 08 10:59:15.910969 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.otp is not a valid plugin module
> [Mon May 08 10:59:15.911032 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otpconfig
> [Mon May 08 10:59:15.912261 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.otptoken
> [Mon May 08 10:59:15.917579 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.passwd
> [Mon May 08 10:59:15.918743 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.permission
> [Mon May 08 10:59:15.926286 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.ping
> [Mon May 08 10:59:15.926569 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.pkinit
> [Mon May 08 10:59:15.926719 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.pkinit is not a valid plugin module
> [Mon May 08 10:59:15.926783 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.privilege
> [Mon May 08 10:59:15.926983 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.pwpolicy
> [Mon May 08 10:59:15.928679 2017] [:error] [pid 26013] ipa: DEBUG:
> Starting external process
> [Mon May 08 10:59:15.928750 2017] [:error] [pid 26013] ipa: DEBUG:
> args=klist -V
> [Mon May 08 10:59:15.933325 2017] [:error] [pid 26013] ipa: DEBUG:
> Process finished, return code=0
> [Mon May 08 10:59:15.933413 2017] [:error] [pid 26013] ipa: DEBUG:
> stdout=Kerberos 5 version 1.14.1
> [Mon May 08 10:59:15.933418 2017] [:error] [pid 26013]
> [Mon May 08 10:59:15.933474 2017] [:error] [pid 26013] ipa: DEBUG: stderr=
> [Mon May 08 10:59:15.936616 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.rabase
> [Mon May 08 10:59:15.936729 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.rabase is not a valid plugin module
> [Mon May 08 10:59:15.936790 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.radiusproxy
> [Mon May 08 10:59:15.939491 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.realmdomains
> [Mon May 08 10:59:15.943097 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.role
> [Mon May 08 10:59:15.944624 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.schema
> [Mon May 08 10:59:15.978072 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.selfservice
> [Mon May 08 10:59:15.980171 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.selinuxusermap
> [Mon May 08 10:59:15.980410 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.server
> [Mon May 08 10:59:16.249070 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.serverrole
> [Mon May 08 10:59:16.250937 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.serverroles
> [Mon May 08 10:59:16.251262 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.service
> [Mon May 08 10:59:16.251595 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.servicedelegation
> [Mon May 08 10:59:16.254904 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.session
> [Mon May 08 10:59:16.256507 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.stageuser
> [Mon May 08 10:59:16.258356 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudo
> [Mon May 08 10:59:16.258539 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.sudo is not a valid plugin module
> [Mon May 08 10:59:16.258602 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudocmd
> [Mon May 08 10:59:16.259726 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudocmdgroup
> [Mon May 08 10:59:16.261571 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudorule
> [Mon May 08 10:59:16.269844 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.topology
> [Mon May 08 10:59:16.274894 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.trust
> [Mon May 08 10:59:16.286224 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.user
> [Mon May 08 10:59:16.286572 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.vault
> [Mon May 08 10:59:16.296978 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.virtual
> [Mon May 08 10:59:16.297081 2017] [:error] [pid 26014] ipa: DEBUG:
> ipaserver.plugins.virtual is not a valid plugin module
> [Mon May 08 10:59:16.297150 2017] [:error] [pid 26014] ipa: DEBUG:
> importing plugin module ipaserver.plugins.xmlserver
> [Mon May 08 10:59:16.364668 2017] [:error] [pid 26014] ipa: DEBUG:
> SessionAuthManager.register: name=xmlserver_session_139942843997200
> [Mon May 08 10:59:16.365568 2017] [:error] [pid 26014] ipa: DEBUG:
> SessionAuthManager.register: name=jsonserver_session_139942844019152
> [Mon May 08 10:59:16.382070 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.serverrole
> [Mon May 08 10:59:16.383939 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.serverroles
> [Mon May 08 10:59:16.384270 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.service
> [Mon May 08 10:59:16.384597 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.servicedelegation
> [Mon May 08 10:59:16.387879 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.session
> [Mon May 08 10:59:16.389506 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.stageuser
> [Mon May 08 10:59:16.391398 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudo
> [Mon May 08 10:59:16.391582 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.sudo is not a valid plugin module
> [Mon May 08 10:59:16.391644 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudocmd
> [Mon May 08 10:59:16.392779 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudocmdgroup
> [Mon May 08 10:59:16.394587 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.sudorule
> [Mon May 08 10:59:16.402782 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.topology
> [Mon May 08 10:59:16.407910 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.trust
> [Mon May 08 10:59:16.419428 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.user
> [Mon May 08 10:59:16.419772 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.vault
> [Mon May 08 10:59:16.430208 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.virtual
> [Mon May 08 10:59:16.430311 2017] [:error] [pid 26013] ipa: DEBUG:
> ipaserver.plugins.virtual is not a valid plugin module
> [Mon May 08 10:59:16.430372 2017] [:error] [pid 26013] ipa: DEBUG:
> importing plugin module ipaserver.plugins.xmlserver
> [Mon May 08 10:59:16.451416 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
> [Mon May 08 10:59:16.451555 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:16.497682 2017] [:error] [pid 26013] ipa: DEBUG:
> SessionAuthManager.register: name=xmlserver_session_139942843997200
> [Mon May 08 10:59:16.498514 2017] [:error] [pid 26013] ipa: DEBUG:
> SessionAuthManager.register: name=jsonserver_session_139942844019152
> [Mon May 08 10:59:16.582967 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_password() at '/session/login_password'
> [Mon May 08 10:59:16.583114 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.103275 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
> [Mon May 08 10:59:17.148714 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
> [Mon May 08 10:59:17.234845 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.sync_token() at '/session/sync_token'
> [Mon May 08 10:59:17.280518 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.change_password() at '/session/change_password'
> [Mon May 08 10:59:17.397722 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
> [Mon May 08 10:59:17.397862 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.397953 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.504097 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
> [Mon May 08 10:59:17.504234 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.531236 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.xmlserver_session() at '/session/xml'
> [Mon May 08 10:59:17.531357 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.531447 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.602015 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_x509() at '/session/login_x509'
> [Mon May 08 10:59:17.602158 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.638029 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_kerberos() at '/session/login_kerberos'
> [Mon May 08 10:59:17.638166 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.665313 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.xmlserver() at '/xml'
> [Mon May 08 10:59:17.665430 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.736510 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.login_x509() at '/session/login_x509'
> [Mon May 08 10:59:17.736656 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.737976 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
> [Mon May 08 10:59:17.738089 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.799767 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.xmlserver() at '/xml'
> [Mon May 08 10:59:17.799902 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.800287 2017] [:error] [pid 26014] ipa: DEBUG:
> Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
> [Mon May 08 10:59:17.800404 2017] [:error] [pid 26014] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.872938 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.jsonserver_session() at '/session/json'
> [Mon May 08 10:59:17.873074 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:17.935616 2017] [:error] [pid 26013] ipa: DEBUG:
> Mounting ipaserver.rpcserver.jsonserver_kerb() at '/json'
> [Mon May 08 10:59:17.935746 2017] [:error] [pid 26013] ipa: DEBUG:
> session_auth_duration: 0:20:00
> [Mon May 08 10:59:18.179768 2017] [:error] [pid 26014] ipa: INFO: ***
> PROCESS START ***
> [Mon May 08 10:59:18.313005 2017] [:error] [pid 26013] ipa: INFO: ***
> PROCESS START ***
>
>
>
>> On May 8, 2017, at 1:57 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>> Pete Fuller wrote:
>>> http error log has nothing. This is with http restart and a failed
>>> request for web ui. The request has no error. Is there a different log
>>> that I am overlooking that might have more information?
>>
>> No.
>>
>> Create /etc/ipa/server.conf with these contents:
>>
>> [global]
>> debug = True
>>
>> Restart Apache.
>>
>> Try with a browser and see what gets logged, if anything.
>>
>> I'd also try with the cli to compare. With the client you can add -vvv
>> to get a lot more client-side logging: ipa -vvv user-show admin
>>
>> rob
>>
>>>
>>>
>>> [Mon May 08 10:46:14.842162 2017] [:warn] [pid 25471]
>>> NSSSessionCacheTimeout is deprecated. Ignoring.
>>> [Mon May 08 10:46:15.136803 2017] [auth_digest:notice] [pid 25471]
>>> AH01757: generating secret for digest authentication ...
>>> [Mon May 08 10:46:15.137403 2017] [lbmethod_heartbeat:notice] [pid
>>> 25471] AH02282: No slotmem from mod_heartmonitor
>>> [Mon May 08 10:46:15.137422 2017] [:warn] [pid 25471]
>>> NSSSessionCacheTimeout is deprecated. Ignoring.
>>> [Mon May 08 10:46:15.145343 2017] [mpm_prefork:notice] [pid 25471]
>>> AH00163: Apache/2.4.6 (CentOS) mod_auth_gssapi/1.4.0 mod_auth_kerb/5.4
>>> mod_nss/1.0.14 NSS/3.21 Basic ECC mod_wsgi/3.4 Python/2.7.5 configured
>>> -- resuming normal operations
>>> [Mon May 08 10:46:15.145378 2017] [core:notice] [pid 25471] AH00094:
>>> Command line: '/usr/sbin/httpd -D FOREGROUND'
>>> [Mon May 08 10:46:18.234880 2017] [:error] [pid 25476] ipa: INFO: ***
>>> PROCESS START ***
>>> [Mon May 08 10:46:18.431700 2017] [:error] [pid 25475] ipa: INFO: ***
>>> PROCESS START **
>>>
>>>
>>>
>>>> On May 8, 2017, at 1:43 PM, Rob Crittenden <rcritten at redhat.com
>>>> <mailto:rcritten at redhat.com>
>>>> <mailto:rcritten at redhat.com>> wrote:
>>>>
>>>> Pete Fuller wrote:
>>>>> IPA command line seems to work. Have been able to use ipa user-find
>>>>> and ipa cert-find. Can also sudo and kinit from other machines as
>>>>> IPA user.
>>>>>
>>>>> Another clue here, looks like even when querying with the ipa cli
>>>>> tools,
>>>>> I’m getting 400 errors in the access logs. The top one is obviously a
>>>>> browser request. The next 4 were following a cli call to ipa
>>>>> user-find.
>>>>> That request does respond back with users, so not sure what is failing
>>>>> there. The 192.168.0.95 IP is the local ip of the IPA server itself.
>>>>>
>>>>> 192.168.51.20 - - [08/May/2017:10:31:46 -0700] "GET / HTTP/1.1" 400 347
>>>>> "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0)
>>>>> Gecko/20100101 Firefox/53.0"
>>>>> 192.168.0.95 - - [08/May/2017:10:32:40 -0700] "POST /ipa/json HTTP/1.1"
>>>>> 400 347
>>>>> 192.168.0.95 - - [08/May/2017:10:32:43 -0700] "POST /ipa/json HTTP/1.1"
>>>>> 400 347
>>>>> 192.168.0.95 - - [08/May/2017:10:33:01 -0700] "POST /ipa/json HTTP/1.1"
>>>>> 400 347
>>>>> 192.168.0.95 - - [08/May/2017:10:33:10 -0700] "POST /ipa/json HTTP/1.1"
>>>>> 400 347
>>>>
>>>> Note that client activity (login, sudo, etc) does not go through Apache.
>>>> Only the IPA API does (so web UI and cli).
>>>>
>>>> Still need to see the error log.
>>>>
>>>> rob
>>>>
>>>>>
>>>>>
>>>>>> On May 8, 2017, at 1:20 PM, Rob Crittenden <rcritten at redhat.com
>>>>>> <mailto:rcritten at redhat.com>
>>>>>> <mailto:rcritten at redhat.com>
>>>>>> <mailto:rcritten at redhat.com>> wrote:
>>>>>>
>>>>>> Pete Fuller wrote:
>>>>>>> I ran the 4.4 upgrade yesterday on a group of Centos7 servers
>>>>>>> that are
>>>>>>> IPA replicas for my North American datacenters. All seem to have the
>>>>>>> same issue that I am now unable to connect to the web UI, with the
>>>>>>> following error in the browser…
>>>>>>>
>>>>>>>
>>>>>>> Bad Request
>>>>>>>
>>>>>>> Your browser sent a request that this server could not understand.
>>>>>>>
>>>>>>> Additionally, a 400 Bad Request error was encountered while trying to
>>>>>>> use an ErrorDocument to handle the request.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> The maddening thing is I can’t find any reference in the apache
>>>>>>> logs to
>>>>>>> what is generating the error and why a direct request to the UI would
>>>>>>> error.
>>>>>>>
>>>>>>> As far as I can tell IPA is otherwise working. Logins seem to work,
>>>>>>> sudo rules are working, DNS is working.
>>>>>>>
>>>>>>> [root at lb3 httpd]# ipactl status
>>>>>>> Directory Service: RUNNING
>>>>>>> krb5kdc Service: RUNNING
>>>>>>> kadmin Service: RUNNING
>>>>>>> named Service: RUNNING
>>>>>>> ipa_memcached Service: RUNNING
>>>>>>> httpd Service: RUNNING
>>>>>>> ipa-custodia Service: RUNNING
>>>>>>> ntpd Service: RUNNING
>>>>>>> pki-tomcatd Service: RUNNING
>>>>>>> ipa-otpd Service: RUNNING
>>>>>>> ipa-dnskeysyncd Service: RUNNING
>>>>>>>
>>>>>>> I can see one file in the httpd/conf.d directory that was changed -
>>>>>>> nss.conf. I attempted reverting and that did not work.
>>>>>>>
>>>>>>> Has anyone run upon this error?
>>>>>>
>>>>>> Does the ipa command-line tool work?
>>>>>>
>>>>>> What are you seeing in the Apache error log?
>>>>>>
>>>>>> rob
>
More information about the Freeipa-users
mailing list