[Freeipa-users] Fresh Install of FreeIPA-Server - CentOS7

Dagan McGregor list at sudo.nz
Tue May 16 21:08:18 UTC 2017


On 17 May 2017 8:50:02 AM NZST, "Robert L. Harris" <robert.l.harris at gmail.com> wrote:
>I can, though that's what I did 2 days ago, fresh install from latest
>ISO.
>
>
>On Tue, May 16, 2017 at 2:40 PM Andrew Holway <andrew.holway at gmail.com>
>wrote:
>
>> I have a feeling that there is something broken with your image.
>Could you
>> try installing Centos from ISO?
>>
>>
>> On 16 May 2017 at 22:37, Robert L. Harris <robert.l.harris at gmail.com>
>> wrote:
>>
>>>
>>> I left SELinux enabled, no change, still streaming the same error:
>>>
>>> [Tue May 16 14:36:48.957848 2017] [:error] [pid 10780]
>NSS_Initialize
>>> failed. Certificate database: /etc/httpd/alias.
>>> [Tue May 16 14:36:48.957883 2017] [:error] [pid 10780] SSL Library
>Error:
>>> -8038 SEC_ERROR_NOT_INITIALIZED
>>> [Tue May 16 14:36:48.957886 2017] [:error] [pid 10780] Does the NSS
>>> database exist?
>>>
>>>
>>>
>>> On Tue, May 16, 2017 at 2:12 PM Andrew Holway
><andrew.holway at gmail.com>
>>> wrote:
>>>
>>>> Yea, I would try installing IPA then making the changes that you
>want. I
>>>> think SELinux should be left enabled however. It makes admin super
>fun! :)
>>>>
>>>>
>>>> On 16 May 2017 at 21:57, Robert L. Harris
><robert.l.harris at gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>> I did disable selinux as it gave errors setting up my standard
>users,
>>>>> etc.  I can roll back the snapshot, set it at 4Gigs of RAM and
>re-enable
>>>>> selinux and then try again.
>>>>>
>>>>>
>>>>> On Tue, May 16, 2017 at 1:52 PM Andrew Holway
><andrew.holway at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> This is pretty weird. FreeIPA installation normally works.
>>>>>>
>>>>>> Has the operating system image been changed or optimised somehow?
>>>>>> Perhaps SELinux has been disabled? Have you tried installing
>Centos7 from
>>>>>> the ISO?
>>>>>>
>>>>>> On 16 May 2017 at 21:48, Robert L. Harris
><robert.l.harris at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>    2 Gigs, it's a VM.  The VM didn't report any memory issues (
>no
>>>>>>> alarms on VMWare )
>>>>>>>
>>>>>>>
>>>>>>> On Tue, May 16, 2017 at 12:29 PM Andrew Holway <
>>>>>>> andrew.holway at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hallo,
>>>>>>>>
>>>>>>>> How much memory do you have on the machine? I have a sneaking
>>>>>>>> suspicion that you're running out.
>>>>>>>>
>>>>>>>> Ta,
>>>>>>>>
>>>>>>>> Andrew
>>>>>>>>
>>>>>>>> On 16 May 2017 at 17:16, Robert L. Harris
><robert.l.harris at gmail.com
>>>>>>>> > wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Last night I rolled back my snapshot.  Here's what I have
>after the
>>>>>>>>> yum install
>>>>>>>>>
>>>>>>>>> "minimal" install of Centos7 + basic build.
>>>>>>>>> {0}:/var/log>cat /etc/*elease
>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>> NAME="CentOS Linux"
>>>>>>>>> VERSION="7 (Core)"
>>>>>>>>> ID="centos"
>>>>>>>>> ID_LIKE="rhel fedora"
>>>>>>>>> VERSION_ID="7"
>>>>>>>>> PRETTY_NAME="CentOS Linux 7 (Core)"
>>>>>>>>> ANSI_COLOR="0;31"
>>>>>>>>> CPE_NAME="cpe:/o:centos:centos:7"
>>>>>>>>> HOME_URL="https://www.centos.org/"
>>>>>>>>> BUG_REPORT_URL="https://bugs.centos.org/"
>>>>>>>>>
>>>>>>>>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>>>>>>>>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>>>>>>>>> REDHAT_SUPPORT_PRODUCT="centos"
>>>>>>>>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>>>>>>>>>
>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>> CentOS Linux release 7.3.1611 (Core)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> {0}:/var/log>rpm -q -a | egrep -i 'http|apach|tomc|ipa|krb'
>>>>>>>>> sssd-krb5-common-1.14.0-43.el7_3.14.x86_64
>>>>>>>>> python2-ipaclient-4.4.0-14.el7.centos.7.noarch
>>>>>>>>> ipa-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>> perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>>>>>> python-iniparse-0.4-9.el7.noarch
>>>>>>>>> ipa-client-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>> pam_krb5-2.4.8-6.el7.x86_64
>>>>>>>>> sssd-krb5-1.14.0-43.el7_3.14.x86_64
>>>>>>>>> python-ipaddress-1.0.16-2.el7.noarch
>>>>>>>>> python2-ipalib-4.4.0-14.el7.centos.7.noarch
>>>>>>>>> krb5-libs-1.14.1-27.el7_3.x86_64
>>>>>>>>> libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>>>>> python-libipa_hbac-1.14.0-43.el7_3.14.x86_64
>>>>>>>>> sssd-ipa-1.14.0-43.el7_3.14.x86_64
>>>>>>>>> krb5-workstation-1.14.1-27.el7_3.x86_64
>>>>>>>>> ipa-client-4.4.0-14.el7.centos.7.x86_64
>>>>>>>>>
>>>>>>>>> Tried to pull an exact client.  The "yum install ipa-server"
>went
>>>>>>>>> fine:
>>>>>>>>>
>>>>>>>>> {0}:/var/log/httpd>rpm -a -q | grep -i ipa-server
>>>>>>>>> ipa-server-4.4.0-14.el7.centos.7.x86_64
>>>>>>>>> ipa-server-common-4.4.0-14.el7.centos.7.noarch
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "ipa-server-install" ran clean but has been stuck for 2 days:
>>>>>>>>>
>>>>>>>>> Restarting the directory server
>>>>>>>>> Restarting the KDC
>>>>>>>>> Please add records in this file to your DNS system:
>>>>>>>>> /tmp/ipa.system.records.qLsLyx.db
>>>>>>>>> Restarting the web server
>>>>>>>>> Configuring client side components
>>>>>>>>> Using existing certificate '/etc/ipa/ca.crt'.
>>>>>>>>> Client hostname: ipa.rdlg.net
>>>>>>>>> Realm: RDLG.NET
>>>>>>>>> DNS Domain: rdlg.net
>>>>>>>>> IPA Server: ipa.rdlg.net
>>>>>>>>> BaseDN: dc=rdlg,dc=net
>>>>>>>>>
>>>>>>>>> Skipping synchronizing time with NTP server.
>>>>>>>>> New SSSD config will be created
>>>>>>>>> Configured sudoers in /etc/nsswitch.conf
>>>>>>>>> Configured /etc/sssd/sssd.conf
>>>>>>>>> trying https://ipa.rdlg.net/ipa/json
>>>>>>>>> Forwarding 'schema' to json server
>'https://ipa.rdlg.net/ipa/json'
>>>>>>>>>
>>>>>>>>> Checking the /var/log/httpd/error.log has 2 days of just this:
>>>>>>>>>
>>>>>>>>> [Tue May 16 09:14:42.941476 2017] [:error] [pid 1182]
>>>>>>>>> NSS_Initialize failed. Certificate database: /etc/httpd/alias.
>>>>>>>>> [Tue May 16 09:14:42.941499 2017] [:error] [pid 1182] SSL
>Library
>>>>>>>>> Error: -8038 SEC_ERROR_NOT_INITIALIZED
>>>>>>>>> [Tue May 16 09:14:42.941501 2017] [:error] [pid 1182] Does the
>NSS
>>>>>>>>> database exist?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On Fri, May 12, 2017 at 11:14 AM Rob Crittenden <
>>>>>>>>> rcritten at redhat.com> wrote:
>>>>>>>>>
>>>>>>>>>> Robert L. Harris wrote:
>>>>>>>>>> >
>>>>>>>>>> > Hmmm
>>>>>>>>>> >
>>>>>>>>>> > {0}:/var/log>ls
>>>>>>>>>> > anaconda  btmp  dmesg      grubby              maillog  
>ppp
>>>>>>>>>> secure
>>>>>>>>>> > tallylog          wtmp
>>>>>>>>>> > audit     cron  dmesg.old  grubby_prune_debug  messages 
>rhsm
>>>>>>>>>>  spooler
>>>>>>>>>> >  tuned             yum.log
>>>>>>>>>> > boot.log  cups  firewalld  lastlog             ntpstats 
>samba
>>>>>>>>>> sssd
>>>>>>>>>> > vmware-vmsvc.log
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > root at ipa
>>>>>>>>>> > {1}:/var/log>rpm -q -l http
>>>>>>>>>> > package http is not installed
>>>>>>>>>> >
>>>>>>>>>> > root at ipa
>>>>>>>>>> > {1}:/var/log>rpm -q -a | grep -i http
>>>>>>>>>> > perl-HTTP-Tiny-0.033-3.el7.noarch
>>>>>>>>>> >
>>>>>>>>>> > root at ipa
>>>>>>>>>> > {0}:/var/log>rpm -q -a | grep -i tomcat
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > Doesn't look like an httpd was installed as a dependency?
>>>>>>>>>>
>>>>>>>>>> I find this very hard to believe given that it got so far as
>to
>>>>>>>>>> configure
>>>>>>>>>> things in Apache, restart it, etc. What version of
>>>>>>>>>> [free]ipa-server is
>>>>>>>>>> installed? How did you install it and from what repo?
>>>>>>>>>>
>>>>>>>>>> rob
>>>>>>>>>>
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> > On Fri, May 12, 2017 at 1:17 AM Martin Bašti
><mbasti at redhat.com
>>>>>>>>>> > <mailto:mbasti at redhat.com>> wrote:
>>>>>>>>>> >
>>>>>>>>>> >     That's weird, it should be super fast, anything in
>>>>>>>>>> >     /var/log/httpd/error_log?
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >     On 11.05.2017 22:23, Robert L. Harris wrote:
>>>>>>>>>> >>
>>>>>>>>>> >>     Odd, must have clicked reply instead of reply-all.
>>>>>>>>>> >>
>>>>>>>>>> >>     Anyway, I did the revert and re-install.  Actual
>install
>>>>>>>>>> went
>>>>>>>>>> >>     through fine then the "ipa-server-install" ran until
>this:
>>>>>>>>>> >>
>>>>>>>>>> >>       [8/9]: restoring configuration
>>>>>>>>>> >>       [9/9]: starting directory server
>>>>>>>>>> >>     Done.
>>>>>>>>>> >>     Restarting the directory server
>>>>>>>>>> >>     Restarting the KDC
>>>>>>>>>> >>     Please add records in this file to your DNS system:
>>>>>>>>>> >>     /tmp/ipa.system.records.v5Jwrt.db
>>>>>>>>>> >>     Restarting the web server
>>>>>>>>>> >>     Configuring client side components
>>>>>>>>>> >>     Using existing certificate '/etc/ipa/ca.crt'.
>>>>>>>>>> >>     Client hostname: ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>> >>     Realm: RDLG.NET <http://RDLG.NET>
>>>>>>>>>> >>     DNS Domain: rdlg.net <http://rdlg.net>
>>>>>>>>>> >>     IPA Server: ipa.rdlg.net <http://ipa.rdlg.net>
>>>>>>>>>> >>     BaseDN: dc=rdlg,dc=net
>>>>>>>>>> >>
>>>>>>>>>> >>     Skipping synchronizing time with NTP server.
>>>>>>>>>> >>     New SSSD config will be created
>>>>>>>>>> >>     Configured sudoers in /etc/nsswitch.conf
>>>>>>>>>> >>     Configured /etc/sssd/sssd.conf
>>>>>>>>>> >>     trying https://ipa.rdlg.net/ipa/json
>>>>>>>>>> >>     Forwarding 'schema' to json server '
>>>>>>>>>> https://ipa.rdlg.net/ipa/json'
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>     It's been sitting there for a while ( 4 hours? )  I
>don't
>>>>>>>>>> see
>>>>>>>>>> >>     anything in the ipaserver-install.log, but it's here:
>>>>>>>>>> >>      https://pastebin.com/biK1Dmv7
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>     On Thu, May 11, 2017 at 8:12 AM Martin Bašti <
>>>>>>>>>> mbasti at redhat.com
>>>>>>>>>> >>     <mailto:mbasti at redhat.com>> wrote:
>>>>>>>>>> >>
>>>>>>>>>> >>         Please keep freeipa-users in CC
>>>>>>>>>> >>
>>>>>>>>>> >>         Snapshot is always better, so I suggest to use it.
>>>>>>>>>> Otherwise
>>>>>>>>>> >>         there is an option --ignore-last-of-role to
>unblock
>>>>>>>>>> >>         uninstallation.
>>>>>>>>>> >>
>>>>>>>>>> >>         Martin
>>>>>>>>>> >>
>>>>>>>>>> >>
>>>>>>>>>> >>         On 11.05.2017 16:00, Robert L. Harris wrote:
>>>>>>>>>> >>>
>>>>>>>>>> >>>         Looks like you hit it, apache didn't have a
>group:
>>>>>>>>>> >>>
>>>>>>>>>> >>>         -- Logs begin at Wed 2017-05-10 19:56:27 MDT, end
>at
>>>>>>>>>> Thu
>>>>>>>>>> >>>         2017-05-11 07:48:27 MDT. --
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: Starting The Apache HTTP Server...
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         ipa-httpd-kdcproxy[28808]: ipa         : INFO    
>KDC
>>>>>>>>>> proxy
>>>>>>>>>> >>>         enabled
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         httpd[28809]: AH00544: httpd: bad group name
>apache
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: httpd.service: main process exited,
>>>>>>>>>> code=exited,
>>>>>>>>>> >>>         status=1/FAILURE
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         kill[28812]: kill: cannot find process ""
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: httpd.service: control process
>exited,
>>>>>>>>>> >>>         code=exited status=1
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: Failed to start The Apache HTTP
>Server.
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: Unit httpd.service entered failed
>state.
>>>>>>>>>> >>>         May 10 20:36:00 ipa.rdlg.net
><http://ipa.rdlg.net>
>>>>>>>>>> >>>         systemd[1]: httpd.service failed.
>>>>>>>>>> >>>
>>>>>>>>>> >>>         Thanks, didn't know that command.  I tried to
>continue
>>>>>>>>>> the
>>>>>>>>>> >>>         process:
>>>>>>>>>> >>>
>>>>>>>>>> >>>         {0}:/root>ipa-server-install
>>>>>>>>>> >>>
>>>>>>>>>> >>>         The log file for this installation can be found
>in
>>>>>>>>>> >>>         /var/log/ipaserver-install.log
>>>>>>>>>> >>>         ipa.ipapython.install.cli.install_tool(Server):
>ERROR
>>>>>>>>>>   IPA
>>>>>>>>>> >>>         server is already configured on this system.
>>>>>>>>>> >>>         If you want to reinstall the IPA server, please
>>>>>>>>>> uninstall it
>>>>>>>>>> >>>         first using 'ipa-server-install --uninstall'.
>>>>>>>>>> >>>         ipa.ipapython.install.cli.install_tool(Server):
>ERROR
>>>>>>>>>>   The
>>>>>>>>>> >>>         ipa-server-install command failed. See
>>>>>>>>>> >>>         /var/log/ipaserver-install.log for more
>information
>>>>>>>>>> >>>
>>>>>>>>>> >>>         root at ipa
>>>>>>>>>> >>>         {1}:/root>ipa-server-install  --uninstall
>>>>>>>>>> >>>
>>>>>>>>>> >>>         This is a NON REVERSIBLE operation and will
>delete all
>>>>>>>>>> data
>>>>>>>>>> >>>         and configuration!
>>>>>>>>>> >>>
>>>>>>>>>> >>>         Are you sure you want to continue with the
>uninstall
>>>>>>>>>> >>>         procedure? [no]: yes
>>>>>>>>>> >>>         ipa         : ERROR    Server removal aborted:
>>>>>>>>>> Deleting this
>>>>>>>>>> >>>         server is not allowed as it would leave your
>>>>>>>>>> installation
>>>>>>>>>> >>>         without a CA..
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>         This is a VM and I took a snapshot right before I
>>>>>>>>>> started the
>>>>>>>>>> >>>         install, so I can revert, just make sure to add
>the
>>>>>>>>>> apache
>>>>>>>>>> >>>         user before starting the install.  Or if you have
>a
>>>>>>>>>> better
>>>>>>>>>> >>>         command to continue the clean-up/install.....
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>         On Thu, May 11, 2017 at 2:19 AM Martin Bašti
>>>>>>>>>> >>>         <mbasti at redhat.com <mailto:mbasti at redhat.com>>
>wrote:
>>>>>>>>>> >>>
>>>>>>>>>> >>>             Hello,
>>>>>>>>>> >>>
>>>>>>>>>> >>>             comments inline
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>             On 11.05.2017 06:06, Robert L. Harris wrote:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>             Sigh... Sorry, it's been a long day, I
>thought I
>>>>>>>>>> put
>>>>>>>>>> >>>>             that log in the first pastebin.  It's in
>this one:
>>>>>>>>>> >>>>              https://pastebin.com/18PAXXNS
>>>>>>>>>> >>>
>>>>>>>>>> >>>             Could you please provide journalctl -u httpd
>and
>>>>>>>>>> >>>             /var/log/httpd/error_log ?
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>             Also,
>>>>>>>>>> >>>>                Anyone else get the constant spam when
>mailing
>>>>>>>>>> this
>>>>>>>>>> >>>>             list?  Got an address to block for it?
>>>>>>>>>> >>>
>>>>>>>>>> >>>             Sorry for that, there is a bot mining public
>>>>>>>>>> archives. We
>>>>>>>>>> >>>             plan to resolve this issue but it may take
>time as
>>>>>>>>>> we are
>>>>>>>>>> >>>             not maintaining our mailman.
>>>>>>>>>> >>>
>>>>>>>>>> >>>             Martin
>>>>>>>>>> >>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>             Robert
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>             On Wed, May 10, 2017 at 9:56 PM Lachlan
>Musicman
>>>>>>>>>> >>>>             <datakid at gmail.com
><mailto:datakid at gmail.com>>
>>>>>>>>>> wrote:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                 Robert, did you look in
>>>>>>>>>> >>>>                 /var/log/ipaserver-install.log as it
>says?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                 Was there any other information?
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                 cheers
>>>>>>>>>> >>>>                 L.
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                 ------
>>>>>>>>>> >>>>                 "Mission Statement: To provide hope and
>>>>>>>>>> inspiration
>>>>>>>>>> >>>>                 for collective action, to build
>collective
>>>>>>>>>> power, to
>>>>>>>>>> >>>>                 achieve collective transformation,
>rooted in
>>>>>>>>>> grief
>>>>>>>>>> >>>>                 and rage but pointed towards vision and
>>>>>>>>>> dreams."
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                  - Patrice Cullors, /Black Lives Matter
>>>>>>>>>> founder/
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                 On 11 May 2017 at 13:24, Robert L.
>Harris
>>>>>>>>>> >>>>                 <robert.l.harris at gmail.com
>>>>>>>>>> >>>>                 <mailto:robert.l.harris at gmail.com>>
>wrote:
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                     Ok,  I gave up on Ubuntu.  I'm now
>trying
>>>>>>>>>> the
>>>>>>>>>> >>>>                     latest CentOS7.  I built out a
>"minimal
>>>>>>>>>> server"
>>>>>>>>>> >>>>                     with some normal base packages which
>did
>>>>>>>>>> include
>>>>>>>>>> >>>>                     the freeipa-client but otherwise,
>just
>>>>>>>>>> standard
>>>>>>>>>> >>>>                     tools.  Here's a pastebin of the
>output
>>>>>>>>>> of the
>>>>>>>>>> >>>>                     install: 
>https://pastebin.com/zAWCgkUU
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                     Robert
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>                     --
>>>>>>>>>> >>>>                     Manage your subscription for the
>>>>>>>>>> Freeipa-users
>>>>>>>>>> >>>>                     mailing list:
>>>>>>>>>> >>>>
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>>> >>>>                     Go to http://freeipa.org for more
>info
>>>>>>>>>> on the
>>>>>>>>>> >>>>                     project
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>>
>>>>>>>>>> >>>
>>>>>>>>>> >>>             --
>>>>>>>>>> >>>             Martin Bašti
>>>>>>>>>> >>>             Software Engineer
>>>>>>>>>> >>>             Red Hat Czech
>>>>>>>>>> >>>
>>>>>>>>>> >>
>>>>>>>>>> >>         --
>>>>>>>>>> >>         Martin Bašti
>>>>>>>>>> >>         Software Engineer
>>>>>>>>>> >>         Red Hat Czech
>>>>>>>>>> >>
>>>>>>>>>> >
>>>>>>>>>> >     --
>>>>>>>>>> >     Martin Bašti
>>>>>>>>>> >     Software Engineer
>>>>>>>>>> >     Red Hat Czech
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>> >
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>
>>

Hi, 

Apologies if this has been asked already, but are the file permissions correct for the alias file it is complaining about?

If the process cannot read the file it will fail. 

It's also worth checking the SELinux context in case it needs a relabel. And check it's not immutable for some reason.

$ ls -lZ /etc/httpd/alias
$ lsattr /etc/httpd/alias 

I have just installed FreeIPA in CentOS 7 myself without any problems. So this seems like an odd error to get. 

Cheers, 
Dagan McGregor 
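
The checks suggested in this reply, collected into one read-only script as an added example (not part of the original message). It assumes httpd runs as user and group `apache` and that the database uses the dbm-format file names `cert8.db`, `key3.db` and `secmod.db`; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: read-only checks on the NSS database directory named in
# "NSS_Initialize failed. Certificate database: /etc/httpd/alias".
# Assumptions: dbm-format file names; httpd user/group "apache" by default.
NSS_FILES="cert8.db key3.db secmod.db"

# has_perm PATH USER GROUP r|x: true if USER (or GROUP) holds the permission
# per the classic mode bits. ACLs and supplementary groups are not considered.
has_perm() {
    hp_line=$(ls -ld -- "$1" 2>/dev/null) || return 1
    read -r hp_mode hp_links hp_owner hp_group hp_rest <<EOF
$hp_line
EOF
    if   [ "$hp_owner" = "$2" ]; then hp_tri=$(printf '%s' "$hp_mode" | cut -c2-4)
    elif [ "$hp_group" = "$3" ]; then hp_tri=$(printf '%s' "$hp_mode" | cut -c5-7)
    else                              hp_tri=$(printf '%s' "$hp_mode" | cut -c8-10)
    fi
    case "$4:$hp_tri" in r:r*|x:*[xst]) return 0 ;; esac
    return 1
}

# nss_db_problems DIR USER GROUP: print one line per problem, nothing if clean.
nss_db_problems() {
    if [ ! -d "$1" ]; then echo "missing directory: $1"; return 0; fi
    has_perm "$1" "$2" "$3" x || echo "not searchable: $1"
    for np_f in $NSS_FILES; do
        if [ ! -f "$1/$np_f" ]; then
            echo "missing: $1/$np_f"
        elif ! has_perm "$1/$np_f" "$2" "$3" r; then
            echo "unreadable: $1/$np_f"
        fi
    done
    return 0
}

# nss_db_report DIR [USER [GROUP]]: mode checks plus attribute and label checks.
nss_db_report() {
    nss_db_problems "$1" "${2:-apache}" "${3:-apache}"
    # Immutable attribute (the lsattr check), skipped if lsattr is unavailable.
    if command -v lsattr >/dev/null 2>&1; then
        lsattr -d "$1" "$1"/* 2>/dev/null |
            awk '$1 ~ /i/ {print "immutable: " $2}'
    fi
    # SELinux: with -n, restorecon only reports labels that differ from policy.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        restorecon -R -n -v "$1" 2>&1 | sed 's/^/label differs from policy: /'
    fi
    return 0
}

# Run as: sh check_nss_db.sh /etc/httpd/alias
if [ "$#" -gt 0 ]; then nss_db_report "$@"; fi
```

No output means none of the checks found a problem; nothing on disk is modified.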




