Closed kbetsis closed 4 years ago
Hello.
Check your bind settings. I think bind trying to connect to mailgun.com
NS server over IPv6 then you do request over IPv6.
You can check this case with command: dig -6 smtp.mailgun.com
We get IPv4 from the system
(virtualenv) [root@secauth02 ldap-passwd-reset]# dig -6 smtp.mailgun.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -6 smtp.mailgun.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18706 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 2
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;smtp.mailgun.com. IN A
;; ANSWER SECTION: smtp.mailgun.com. 300 IN CNAME smtp.mailgun.org. smtp.mailgun.org. 60 IN A 52.34.36.243 smtp.mailgun.org. 60 IN A 52.37.231.98
;; AUTHORITY SECTION: mailgun.org. 86295 IN NS ns-133.awsdns-16.com. mailgun.org. 86295 IN NS ns-1614.awsdns-09.co.uk. mailgun.org. 86295 IN NS ns-586.awsdns-09.net. mailgun.org. 86295 IN NS ns-1482.awsdns-57.org.
;; ADDITIONAL SECTION: ns-1482.awsdns-57.org. 86295 IN A 205.251.197.202
;; Query time: 37 msec ;; SERVER: ::1#53(::1) ;; WHEN: Thu Nov 14 16:51:09 UTC 2019 ;; MSG SIZE rcvd: 257
And this is the error from the app
[Thu Nov 14 16:50:22.002210 2019] [proxy_http:error] [pid 13862] (70007)The timeout specified has expired: [client 192.168.121.130:61075] AH01102: error reading status line from remote server 127.0.0.1:8000, referer: https://secauth02.security.pccwglobal.com/reset/gettoken/ [Thu Nov 14 16:50:22.002319 2019] [proxy:error] [pid 13862] [client 192.168.121.130:61075] AH00898: Error reading from remote server returned by /reset/gettoken/, referer: https://secauth02.security.pccwglobal.com/reset/gettoken/ [Thu Nov 14 16:50:32.270996 2019] [:warn] [pid 14315] [client 192.168.121.158:47808] failed to set perms (3140) on file (/var/run/ipa/ccaches/ldap-passwd-reset@SECURITY.PCCWGLOBAL.COM)!, referer: https://secauth02.security.pccwglobal.com/ipa/xml [Thu Nov 14 16:50:32.295118 2019] [:error] [pid 12744] ipa: INFO: [jsonserver_session] ldap-passwd-reset@SECURITY.PCCWGLOBAL.COM: ping(): SUCCESS [Thu Nov 14 16:50:32.300849 2019] [:warn] [pid 14315] [client 192.168.121.158:47808] failed to set perms (3140) on file (/var/run/ipa/ccaches/ldap-passwd-reset@SECURITY.PCCWGLOBAL.COM)!, referer: https://secauth02.security.pccwglobal.com/ipa/xml [Thu Nov 14 16:50:32.328481 2019] [:error] [pid 12745] ipa: INFO: [jsonserver_session] ldap-passwd-reset@SECURITY.PCCWGLOBAL.COM: user_show/1(u'testreset', all=True, version=u'2.231'): SUCCESS
BTW our FreeIPA installation is 4.6.5 if that makes a difference.
Try to set system resolver to 8.8.8.8
(you should change file /etc/resolv.conf
) and check the app.
Hi after resolving the kerberos ticket access writes the reset page ends with a Proxy Error just like shown below:![image](https://user-images.githubusercontent.com/14052268/68868717-ace05980-0700-11ea-9c02-2c3949eaaf6e.png)
In addition we see a lot of errors due to IPv6 connectivity attempts
When we try this from bash everything works OK.
Any suggestions?