This is first time i am trying to install FreeIPA on my home, local network. I've setup IPV6. Local server machine have default Apache running on :80 which i just left as is.
:80
Setup my hostname and domain
myhost[user]~: hostname --domain ipa.mydomain.com myhost[user]~: hostname --fqdn myhost.ipa.mydomain.com
Also made sure that my router will point to proper IP while querying that host
dig myhost.ipa.mydomain.com ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-13.P2.fc29 <<>> myhost.ipa.mydomain.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56921 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;myhost.ipa.mydomain.com. IN ANY ;; ANSWER SECTION: myhost.ipa.mydomain.com. 0 IN A 10.0.1.10 myhost.ipa.mydomain.com. 0 IN AAAA fe80::c8e5:xxxx:xxxx:xxxx ;; Query time: 1 msec ;; SERVER: 10.0.1.1#53(10.0.1.1) ;; WHEN: Sun Feb 17 12:12:09 PST 2019 ;; MSG SIZE rcvd: 68
And started installation on my local server via ssh:
myhost[user]~: sudo ipa-server-install -a MyPasswordA -p MyPasswordA --hostname=myhost.ipa.mydomain.com -n ipa.mydomain.com -r IPA.MYDOMAIN.COM --no-forwarders --setup-dns -U
Unfortunately few mins into installation I am getting
CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') 2019-02-17T17:59:23Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
At first, I did some digging and on some website from few years ago one suggested installing 'mod_nss' , which I did (It was not present on my machine when installing firs time) - Not very familiar with it but after some more digging i did:
sudo gencert /etc/httpd/nss mv /etc/httpd/conf.d/nss.conf-BAK
(which compleatly removed nss config, but that was the only way for me to start httpd even after uninstalling FreeIpa)
I've tried installing again, but i did not managed to get much further this time.
4.20.8-200.fc29.x86_64 freeipa-server-4.7.2-1.fc29.x86_64 freeipa-client-4.7.2-1.fc29.x86_64 package ipa-server is not installed package ipa-client is not installed 389-ds-base-1.4.0.21-1.fc29.x86_64 pki-ca-10.6.9-1.fc29.noarch krb5-server-1.16.1-25.fc29.x86_64
Part of '/var/log/ipaserver-install.log'
2019-02-17T17:59:17Z DEBUG step duration: httpd request_service_keytab 0.32 sec 2019-02-17T17:59:17Z DEBUG [11/21]: configuring Gssproxy 2019-02-17T17:59:17Z DEBUG Starting external process 2019-02-17T17:59:17Z DEBUG args=['/usr/sbin/selinuxenabled'] 2019-02-17T17:59:17Z DEBUG Process finished, return code=1 2019-02-17T17:59:17Z DEBUG stdout= 2019-02-17T17:59:17Z DEBUG stderr= 2019-02-17T17:59:17Z DEBUG Starting external process 2019-02-17T17:59:17Z DEBUG args=['/bin/systemctl', 'restart', 'gssproxy.service'] 2019-02-17T17:59:17Z DEBUG Process finished, return code=0 2019-02-17T17:59:17Z DEBUG stdout= 2019-02-17T17:59:17Z DEBUG stderr= 2019-02-17T17:59:17Z DEBUG Starting external process 2019-02-17T17:59:17Z DEBUG args=['/bin/systemctl', 'is-active', 'gssproxy.service'] 2019-02-17T17:59:17Z DEBUG Process finished, return code=0 2019-02-17T17:59:17Z DEBUG stdout=active 2019-02-17T17:59:17Z DEBUG stderr= 2019-02-17T17:59:17Z DEBUG Restart of gssproxy.service complete 2019-02-17T17:59:17Z DEBUG step duration: httpd configure_gssproxy 0.06 sec 2019-02-17T17:59:17Z DEBUG [12/21]: setting up ssl 2019-02-17T17:59:17Z DEBUG certmonger request is in state dbus.String('GENERATING_KEY_PAIR', variant_level=1) 2019-02-17T17:59:22Z DEBUG certmonger request is in state dbus.String('MONITORING', variant_level=1) 2019-02-17T17:59:22Z DEBUG Cert request 20190217175917 was successful 2019-02-17T17:59:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state' 2019-02-17T17:59:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state' 2019-02-17T17:59:22Z DEBUG step duration: httpd __setup_ssl 5.29 sec 2019-02-17T17:59:22Z DEBUG [13/21]: configure certmonger for renewals 2019-02-17T17:59:22Z DEBUG Starting external process 2019-02-17T17:59:22Z DEBUG args=['/bin/systemctl', 'is-active', 'certmonger.service'] 2019-02-17T17:59:22Z DEBUG Process finished, return code=0 2019-02-17T17:59:22Z DEBUG stdout=active 2019-02-17T17:59:22Z DEBUG stderr= 2019-02-17T17:59:22Z DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' 2019-02-17T17:59:22Z DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' 2019-02-17T17:59:22Z DEBUG step duration: httpd configure_certmonger_renewal_guard 0.21 sec 2019-02-17T17:59:22Z DEBUG [14/21]: publish CA cert 2019-02-17T17:59:22Z DEBUG step duration: httpd __publish_ca_cert 0.01 sec 2019-02-17T17:59:22Z DEBUG [15/21]: clean up any existing httpd ccaches 2019-02-17T17:59:22Z DEBUG step duration: httpd remove_httpd_ccaches 0.00 sec 2019-02-17T17:59:22Z DEBUG [16/21]: configuring SELinux for httpd 2019-02-17T17:59:22Z DEBUG Starting external process 2019-02-17T17:59:22Z DEBUG args=['/usr/sbin/selinuxenabled'] 2019-02-17T17:59:22Z DEBUG Process finished, return code=1 2019-02-17T17:59:22Z DEBUG stdout= 2019-02-17T17:59:22Z DEBUG stderr= 2019-02-17T17:59:22Z DEBUG step duration: httpd configure_selinux_for_httpd 0.01 sec 2019-02-17T17:59:22Z DEBUG [17/21]: create KDC proxy config 2019-02-17T17:59:22Z DEBUG Backing up system configuration file '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' 2019-02-17T17:59:22Z DEBUG -> Not backing up - '/etc/ipa/kdcproxy/ipa-kdc-proxy.conf' doesn't exist 2019-02-17T17:59:22Z DEBUG step duration: httpd create_kdcproxy_conf 0.00 sec 2019-02-17T17:59:22Z DEBUG [18/21]: enable KDC proxy 2019-02-17T17:59:22Z DEBUG service KDC has all config values set 2019-02-17T17:59:22Z DEBUG step duration: httpd enable_kdcproxy 0.01 sec 2019-02-17T17:59:22Z DEBUG [19/21]: starting httpd 2019-02-17T17:59:22Z DEBUG Starting external process 2019-02-17T17:59:22Z DEBUG args=['/bin/systemctl', 'start', 'httpd.service'] 2019-02-17T17:59:23Z DEBUG Process finished, return code=1 2019-02-17T17:59:23Z DEBUG stdout= 2019-02-17T17:59:23Z DEBUG stderr=Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. 2019-02-17T17:59:23Z DEBUG Traceback (most recent call last): File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 605, in start_creation run_step(full_msg, method) File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 591, in run_step method() File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 497, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python3.7/site-packages/ipaplatform/base/services.py", line 302, in start skip_output=not capture_output) File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line 574, in run p.returncode, arg_string, output_log, error_log ipapython.ipautil.CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') 2019-02-17T17:59:23Z DEBUG [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') 2019-02-17T17:59:23Z DEBUG File "/usr/lib/python3.7/site-packages/ipapython/admintool.py", line 179, in execute return_value = self.run() File "/usr/lib/python3.7/site-packages/ipapython/install/cli.py", line 347, in run return cfgr.run() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 360, in run return self.execute() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 386, in execute for rval in self._executor(): File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 655, in _configure next(executor) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 431, in __runner exc_handler(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 460, in _handle_execute_exception self._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception self.__parent._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 515, in _handle_exception super(ComponentBase, self)._handle_exception(exc_info) File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 450, in _handle_exception six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 421, in __runner step() File "/usr/lib/python3.7/site-packages/ipapython/install/core.py", line 418, in <lambda> step = lambda: next(self.__gen) File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from six.reraise(*exc_info) File "/usr/lib/python3.7/site-packages/six.py", line 693, in reraise raise value File "/usr/lib/python3.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from value = gen.send(prev_value) File "/usr/lib/python3.7/site-packages/ipapython/install/common.py", line 65, in _install for unused in self._installer(self.parent): File "/usr/lib/python3.7/site-packages/ipaserver/install/server/__init__.py", line 550, in main master_install(self) File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 253, in decorated func(installer) File "/usr/lib/python3.7/site-packages/ipaserver/install/server/install.py", line 881, in install ca_is_configured=setup_ca) File "/usr/lib/python3.7/site-packages/ipaserver/install/httpinstance.py", line 148, in create_instance self.start_creation() File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 605, in start_creation run_step(full_msg, method) File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 591, in run_step method() File "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line 497, in start self.service.start(instance_name, capture_output=capture_output, wait=wait) File "/usr/lib/python3.7/site-packages/ipaplatform/base/services.py", line 302, in start skip_output=not capture_output) File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line 574, in run p.returncode, arg_string, output_log, error_log 2019-02-17T17:59:23Z DEBUG The ipa-server-install command failed, exception: CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') 2019-02-17T17:59:23Z ERROR CalledProcessError(Command ['/bin/systemctl', 'start', 'httpd.service'] returned non-zero exit status 1: 'Job for httpd.service failed because the control process exited with error code.\nSee "systemctl status httpd.service" and "journalctl -xe" for details.\n') 2019-02-17T17:59:23Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
And 'journalctl -xe'
-- Unit gssproxy.service has finished shutting down. Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Feb 17 09:59:17 myhost.ipa.mydomain.com systemd[1]: Starting GSSAPI Proxy Daemon... -- Subject: Unit gssproxy.service has begun start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit gssproxy.service has begun starting up. Feb 17 09:59:17 myhost.ipa.mydomain.com systemd[1]: Started GSSAPI Proxy Daemon. -- Subject: Unit gssproxy.service has finished start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit gssproxy.service has finished starting up. -- -- The start-up result is done. Feb 17 09:59:17 myhost.ipa.mydomain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=gssproxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Feb 17 09:59:17 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: Generic Extension Feb 17 09:59:17 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: extensions Feb 17 09:59:18 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: Generic Extension Feb 17 09:59:18 myhost.ipa.mydomain.com server[27722]: PKCS10Attributes: adding attribute: extensions Feb 17 09:59:18 myhost.ipa.mydomain.com /restart_httpd[27984]: certmonger restarted httpd Feb 17 09:59:18 myhost.ipa.mydomain.com certmonger[27987]: Certificate in file "/var/lib/ipa/certs/httpd.crt" issued by CA and saved. Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1 Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1 Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1 Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 1 Feb 17 09:59:22 myhost.ipa.mydomain.com ipa-submit[27989]: GSSAPI client step 2 Feb 17 09:59:22 myhost.ipa.mydomain.com systemd[1]: Starting The Apache HTTP Server... -- Subject: Unit httpd.service has begun start-up -- Defined-By: systemd -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has begun starting up. Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1 Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1 Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1 Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 1 Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-submit[28027]: GSSAPI client step 2 Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-httpd-kdcproxy[28017]: ipa: INFO: KDC proxy enabled Feb 17 09:59:23 myhost.ipa.mydomain.com ipa-httpd-kdcproxy[28017]: ipa-httpd-kdcproxy: INFO KDC proxy enabled Feb 17 09:59:23 myhost.ipa.mydomain.com httpd[28029]: [Sun Feb 17 09:59:23.712445 2019] [so:warn] [pid 28029:tid 140659006052608] AH01574: module proxy_module is already loaded, skipping Feb 17 09:59:23 myhost.ipa.mydomain.com httpd[28029]: [Sun Feb 17 09:59:23.712513 2019] [so:warn] [pid 28029:tid 140659006052608] AH01574: module proxy_http_module is already loaded, skipping Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: httpd.service: Failed with result 'exit-code'. Feb 17 09:59:23 myhost.ipa.mydomain.com systemd[1]: Failed to start The Apache HTTP Server.
As much as I am trying on my own, there is not much i can deduct from those logs.
You need to look at /var/log/httpd/error_log for details.
I would strongly recommend to removing mod_nss to simplify troubleshooting. It is not used by IPA.
Thanks!, I've removed mod_nss. and /var/log/httpd/error_log:
AH00016: Configuration Failed [Sun Feb 17 10:15:54.814078 2019] [suexec:notice] [pid 28676:tid 140432885836032] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sun Feb 17 10:15:54.871063 2019] [so:warn] [pid 28676:tid 140432885836032] AH01574: module proxy_module is already loaded, skipping [Sun Feb 17 10:15:54.871102 2019] [so:warn] [pid 28676:tid 140432885836032] AH01574: module proxy_http_module is already loaded, skipping [Sun Feb 17 10:15:54.881677 2019] [lbmethod_heartbeat:notice] [pid 28676:tid 140432885836032] AH02282: No slotmem from mod_heartmonitor [Sun Feb 17 10:15:54.889999 2019] [mpm_event:notice] [pid 28676:tid 140432885836032] AH00489: Apache/2.4.38 (Fedora) OpenSSL/1.1.1a mod_auth_gssapi/1.6.1 mod_fcgid/2.3.9 mod_wsgi/4.6.4 Python/3.7 mod_perl/2.0.10 Perl/v5.28.1 configured -- resuming normal operations [Sun Feb 17 10:15:54.890025 2019] [core:notice] [pid 28676:tid 140432885836032] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND' [Sun Feb 17 19:57:19.284447 2019] [mpm_event:notice] [pid 28676:tid 140432885836032] AH00492: caught SIGWINCH, shutting down gracefully [Sun Feb 17 19:57:27.726763 2019] [suexec:notice] [pid 25703:tid 140313707010304] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sun Feb 17 19:57:27.738641 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02580: Init: Pass phrase incorrect for key myhost:443:0 [Sun Feb 17 19:57:27.738737 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Sun Feb 17 19:57:27.738761 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error [Sun Feb 17 19:57:27.738771 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Sun Feb 17 19:57:27.738782 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey) [Sun Feb 17 19:57:27.738792 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib [Sun Feb 17 19:57:27.738801 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Sun Feb 17 19:57:27.738811 2019] [ssl:emerg] [pid 25703:tid 140313707010304] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO) [Sun Feb 17 19:57:27.738818 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/error_log for more information [Sun Feb 17 19:57:27.738823 2019] [ssl:emerg] [pid 25703:tid 140313707010304] AH02564: Failed to configure encrypted (?) private key myhost:443:0, check /var/lib/ipa/private/httpd.key AH00016: Configuration Failed
Does it mean i should have created some ssl keys prior the installation ?
Hi, the asn1 error reminds me of an issue related to the hostname which was not a FQDN (issue 7528). Can you check the content of /etc/hostname and /etc/hosts? The FQDN should be used everywhere.
Thanks @frenaud, I thoiught i got that covered. Here is my setup:
myhost[user]~: hostname --domain ipa.mydomain.com myhost[user]~: hostname --fqdn myhost.ipa.mydomain.com myhost[user]~: cat /etc/hostname myhost.ipa.mydomain.com myhost[user]~: cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.1.10 myhost.ipa.mydomain.com myhost
Unclear why Apache is sending the wrong hostname.
IPA writes to something like /var/lib/ipa/passwds/ipa.example.test-443-RSA
The script /usr/libexec/ipa/ipa-httpd-pwdreader reads this file and passes the contents to Apache as the token password.
Is this a stock Apache configuration or did you make local changes to it?
Science I've installed fedora server over a year ago, I cannot promisse that i haven't changed something from its default settings. Originally I never set domain as there was no need for me in my local home network. But as it is required by IPA, I started setting it up just now (and maybe some settings were not there yet?)
This is my httpd.conf : (I see that there is 'ServerName myhost:80' but maybe i should change it to 'ServerName myhost.ipa.mydomain.com:80' ?)
ServerRoot "/etc/httpd" Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin my@email.com ServerName myhost:80 <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot "/var/www/html" <Directory "/var/www"> AllowOverride None Require all granted </Directory> <Directory "/var/www/html"> Options FollowSymLinks AllowOverride All Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html index.php index.cgi </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf ServerTokens Prod KeepAlive On LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so
So, that was it!
I've changed
ServerName myhost:80
to
ServerName myhost.ipa.mydomain.com:80
I wish i knew that i should look for it during initial setup :) but it worked. Installation went just fine.
By default ServerName is not set at all in Apache, it isn't a required config option.
I'll go ahead and mark this as complete, glad it's working for you.
Metadata Update from @rcritten: - Issue close_status updated to: worksforme - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.