hi,
thnx for comment.
I really dont care sibgle sign on or something like that now :)
All I want I try to get back my ipa server :)
I check IPA status and :
[root@srv httpd]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
seems no problem ın that side.
Now I will resert my httpd error log and restart server.
[root@srv httpd]# more error_log
[Thu Sep 11 14:22:59 2014] [notice] caught SIGTERM, shutting down
[Thu Sep 11 14:24:18 2014] [notice] SELinux policy enabled; httpd
running as context system_u:system_r:httpd_t:s0
[Thu Sep 11 14:24:18 2014] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Thu Sep 11 14:24:18 2014] [notice] Digest: generating secret for digest
authentication ...
[Thu Sep 11 14:24:18 2014] [notice] Digest: done
[Thu Sep 11 14:24:19 2014] [notice] Apache/2.2.15 (Unix) DAV/2
mod_auth_kerb/5.4 mod_nss/2.2.15 NSS/3.15.1 Basic ECC mod_wsgi/3.2
Python/2.6.6 configure
d -- resuming normal operations
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
[Thu Sep 11 14:24:23 2014] [error] ipa: INFO: *** PROCESS START ***
And
[root@srv httpd]# service iptables status
iptables: Firewall is not running
Seems no problem here.
Which service not available?
On 11-09-2014 14:18, Petr Vobornik wrote:
Hello Tevfik,
comments inline
On 11.9.2014 12:24, Tevfik Ceydeliler wrote:
Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those
command:
# scp /etc/krb5.conf [email protected]:/etc/krb5_ipa.conf
and
I assume that you want to configure the machine without enrolling it
as FreeIPA client. If not, I would suggest you enrolling it as a
client using ipa-client-install. Then you don't have to do anything
else except browser config.
Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf
vim /etc/httpd/conf.d/ipa.conf
and change this:
KrbMethodK5Passwd off --> to --> KrbMethodK5Passwd on
FreeIPA's Web UI support forms-based auth so this is not usually needed.
and restart httpd.
Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf
Now when I try to open Web UI I get An popup error:
"Service Unavailable"
run:
ipactl status
or
systemctl status httpd.service
or inspect
/var/log/httpd/error_log
to find out if web server is running - might not be the case because
of invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should
be in the log
Have you any idea?
--
<br>
<img src="http://www.yasar.com.tr/banner/yhbanner.jpg";> </img>
<br><br>
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece
adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi
ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi
dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar
ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail
and any files transmitted with it are intended solely for the use of the
individual or entity to whom they are addressed and Yasar Group Companies do
not accept legal responsibility for the contents. If you are not the intended
recipient, please immediately notify the sender and delete it from your system.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
![http://www.yasar.com.tr/banner/yhbanner.jpg"](http://www.yasar.com.tr/banner/yhbanner.jpg"){kind=link}