Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 670, in respond
response.body = self.handler()
File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 217, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 61, in __call__
return self.callable(*self.args, **self.kwargs)
File "/usr/lib/python2.7/site-packages/freeipa_community_portal/app.py", line 74, in POST
errors = user.save()
File "/usr/lib/python2.7/site-packages/freeipa_community_portal/model/user.py", line 56, in save
self._call_api()
File "/usr/lib/python2.7/site-packages/freeipa_community_portal/model/user.py", line 66, in _call_api
api_connect()
File "/usr/lib/python2.7/site-packages/freeipa_community_portal/model/__init__.py", line 47, in api_connect
api.finalize()
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 707, in finalize
self.__do_if_not_done('load_plugins')
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 422, in __do_if_not_done
getattr(self, name)()
File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 585, in load_plugins
for package in self.packages:
File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 919, in packages
ipaclient.remote_plugins.get_package(self),
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 118, in get_package
plugins = schema.get_package(server_info, client)
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 543, in get_package
schema = Schema(client)
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 387, in __init__
fingerprint, ttl = self._fetch(client, ignore_cache=read_failed)
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 426, in _fetch
schema = client.forward(u'schema', **kwargs)['result']
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1008, in forward
raise NetworkError(uri=server, error=str(e))
NetworkError: cannot connect to 'https://ipa.mueslo.de/ipa/json': (SEC_ERROR_BUSY) NSS could not shutdown. Objects are still in use.
This is on a freshly-installed Fedora 26 VM (KVM).
Aug 23 17:37:44 ipa krb5kdc[1847](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.4: NEEDED_PREAUTH: portal@MUESLO.DE for krbtgt/MUESLO.DE@MUESLO.DE, Additional pre-authentication required
Aug 23 17:37:44 ipa krb5kdc[1847](info): closing down fd 11
Aug 23 17:37:44 ipa krb5kdc[1847](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.4: ISSUE: authtime 1503502664, etypes {rep=18 tkt=18 ses=18}, portal@MUESLO.DE for krbtgt/MUESLO.DE@MUESLO.DE
Aug 23 17:37:44 ipa krb5kdc[1847](info): closing down fd 11
Aug 23 17:37:44 ipa krb5kdc[1847](info): TGS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.1.4: ISSUE: authtime 1503502664, etypes {rep=18 tkt=18 ses=18}, portal@MUESLO.DE for HTTP/ipa.mueslo.de@MUESLO.DE
Aug 23 17:37:44 ipa krb5kdc[1847](info): closing down fd 11
/var/log/sssd/sssd_nss.log: (full of this repeating)
(Wed Aug 23 17:56:56 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]
If I take a minimal example, e.g.
#!/usr/bin/env python2
import os
from ipalib import api
os.environ['KRB5_CLIENT_KTNAME'] = "/etc/ipa/portal.keytab"
api.bootstrap(context='cli')
api.finalize()
if not api.Backend.rpcclient.isconnected():
api.Backend.rpcclient.connect()
api.Command.stageuser_add(
givenname=u'testy',
sn=u'mctestface',
uid=u'testymctest',
mail=u'test@test.net')
Running this as apache works fine (now), not sure why the below happened.
Running this as root (with an admin ticket), works just fine. However, running this as apache leads to
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 426, in _fetch
schema = client.forward(u'schema', **kwargs)['result']
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 994, in forward
return self._call_command(command, params)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 975, in _call_command
return command(*params)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1125, in _call
return self.__request(name, args)
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1119, in __request
raise error_class(**kw)
ipalib.errors.ACIError: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Matching credential not found (filename: /var/run/httpd/ipa/clientcaches/portal@MUESLO.DE-H40gwq))
and sometimes
File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 426, in _fetch
schema = client.forward(u'schema', **kwargs)['result']
File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 1008, in forward
raise NetworkError(uri=server, error=str(e))
ipalib.errors.NetworkError: cannot connect to 'https://ipa.mueslo.de/ipa/json': (PR_END_OF_FILE_ERROR) Encountered end of file.
Happens both with ipalib/ipaclient 4.4.4 and 4.5.3. The keytab was created via ipa-getkeytab -s ipa.mueslo.de -p portal@MUESLO.DE -k /etc/ipa/portal.keytab.
Hey, I set everything up as described at http://freeipa-community-portal.readthedocs.io/en/latest/deploy.html#post-installation (except I installed it on the same server as FreeIPA), but when trying to register a user, the following error occurs:
This is on a freshly-installed Fedora 26 VM (KVM).
/var/log/krb5kdc.log:
/var/log/sssd/sssd_nss.log: (full of this repeating)
(Wed Aug 23 17:56:56 2017) [sssd[nss]] [sss_dp_get_reply] (0x0010): The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]
If I take a minimal example, e.g.
Running this as apache works fine (now), not sure why the below happened.
Running this as root (with an admin ticket), works just fine. However, running this as apache leads toand sometimesHappens both with ipalib/ipaclient 4.4.4 and 4.5.3. The keytab was created viaipa-getkeytab -s ipa.mueslo.de -p portal@MUESLO.DE -k /etc/ipa/portal.keytab
.