Dan Deighton
2006-Nov-02 17:25 UTC
Re: [Fedora-directory-users] Problem accessing Configuration Directory after upgrade to 1.0.3
On Thu, 2006-11-02 at 09:31 -0700, Richard Megginson wrote: Dan Deighton wrote:> > On Thu, 2006-11-02 at 08:09 -0700, Richard Megginson wrote: > > Dan Deighton wrote: > >> With FDS 1.0.2, I had setup a Secure Connection under the > >> Configuration DS in the Admin Console. Everything was going fine > >> until I updated to 1.0.3. After that, the Directory Server would > >> start, but the Admin Server would not. > >> > >> I thought it may have been a problem with the upgrade, so I did a > >> fresh install of FDS 1.0.3. As soon as I enabled a Secure Connection > >> for the Configuration DS. The problem was back. > > Can you post the error log from your admin server? admin-serv/logs/error > > If that doesn''t have much information in it, try doing start-admin -e > > debug> Thanks. The last line of error output is odd: > > Please enter password for "internal" token: > Are you using a pin file for the admin server ssl password? NoIf not, did> you type in the password on the command line?Yes, I typed in the password. This password was created when I first managed the certificate for the Admin Server. I am prompted for this password as soon as SSL is enabled for the Admin Server. This works fine if the configuration DS is not using SSL. As soon as a secure connection is used for the Configuration DS it fails.> >> > >> I had no problem setting up encryption for the Admin Server and the > >> User DS. It only happens with the Configuration DS. > >> > >> Has anyone else seen this problem? Am I missing something obvious > >> that changed with 1.0.3? > >> > >> Any help would be appreciated. > >> > >> Thanks > >> > >> ------------------------------------------------------------------------ > >> > >> -- > >> Fedora-directory-users mailing list > >> Fedora-directory-users@redhat.com > >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > Without debug: > > -------------- > > > > admin-serv/logs/error: > > --- > > [Thu Nov 02 10:27:11 2006] [warn] NSSProtocols not set; using: SSLv3 > > and TLSv1 > > [Thu Nov 02 10:27:12 2006] [crit] mod_admserv_post_config(): unable to > > build user/group LDAP server info: unable to set User/Group baseDN > > Configuration Failed > > --- > > > > -------------- > > > > > > > > With debug: > > -------------- > > > > admin-serv/logs/error > > --- > > > > [Thu Nov 02 10:31:34 2006] [info] done Init: Initializing NSS library > > [Thu Nov 02 10:31:34 2006] [warn] NSSProtocols not set; using: SSLv3 > > and TLSv1 > > [Thu Nov 02 10:31:35 2006] [debug] mod_admserv.c(760): sslinit: > > mod_nss has been started and initialized > > [Thu Nov 02 10:31:35 2006] [crit] mod_admserv_post_config(): unable to > > build user/group LDAP server info: unable to set User/Group baseDN > > Configuration Failed > > > > --- > > > > STDOUT: > > --- > > ./start-admin -e debug > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > access_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > auth_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > log_config_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > env_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > mime_magic_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > expires_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > deflate_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > headers_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > unique_id_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > setenvif_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > mime_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > vhost_alias_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > negotiation_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > dir_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > actions_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > alias_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > rewrite_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > cache_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > disk_cache_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > file_cache_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > mem_cache_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > cgi_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > restartd_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > nss_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module > > admserv_module > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2382): [22117] > > create_server_config [0x9f09370] for (null) > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] > > create_config [0x9f09380] for (null) > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2431): [22117] Set > > [0x9f09370] [ADMCacheLifeTime] to 600 > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2449): [22117] Set > > [0x9f09370] [ADMServerVersionString] to Fedora-Administrator/1.0.3 > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] > > create_config [0x9f38f88] for /opt/fedora-ds/clients/dsgw/bin/ > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] > > create_config [0x9f3a2b0] for /*/[tT]asks/[Oo]peration/* > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] > > create_config [0x9f38878] for /*/[tT]asks/[Cc]onfiguration/* > > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] > > create_config [0x9f3b8e0] for > > /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create)$ > > Please enter password for "internal" token: > > > > --- > > > > -------------- > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard Megginson
2006-Nov-02 17:49 UTC
Re: [Fedora-directory-users] Problem accessing Configuration Directory after upgrade to 1.0.3
Dan Deighton wrote:> On Thu, 2006-11-02 at 09:31 -0700, Richard Megginson wrote: > Dan Deighton wrote: >> > On Thu, 2006-11-02 at 08:09 -0700, Richard Megginson wrote: >> > Dan Deighton wrote: >> >> With FDS 1.0.2, I had setup a Secure Connection under the >> >> Configuration DS in the Admin Console. Everything was going fine >> >> until I updated to 1.0.3. After that, the Directory Server would >> >> start, but the Admin Server would not. >> >> >> >> I thought it may have been a problem with the upgrade, so I did a >> >> fresh install of FDS 1.0.3. As soon as I enabled a Secure Connection >> >> for the Configuration DS. The problem was back. >> > Can you post the error log from your admin server? >> admin-serv/logs/error >> > If that doesn''t have much information in it, try doing start-admin -e >> > debug > >> Thanks. The last line of error output is odd: >> > Please enter password for "internal" token: >> Are you using a pin file for the admin server ssl password? No > > If not, did >> you type in the password on the command line? > > Yes, I typed in the password. This password was created when I first > managed the certificate for the Admin Server. I am prompted for this > password as soon as SSL is enabled for the Admin Server. This works > fine if the configuration DS is not using SSL. As soon as a secure > connection is used for the Configuration DS it fails.Can you post your admin-serv/config/adm.conf, admin-serv/config/local.conf, admin-serv/config/console.conf, and shared/config/dbswitch.conf, being careful to remove or obscure any sensitive information first?> >> >> >> >> I had no problem setting up encryption for the Admin Server and the >> >> User DS. It only happens with the Configuration DS. >> >> >> >> Has anyone else seen this problem? Am I missing something obvious >> >> that changed with 1.0.3? >> >> >> >> Any help would be appreciated. >> >> >> >> Thanks >> >> >> >> >> ------------------------------------------------------------------------ >> >> >> >> -- >> >> Fedora-directory-users mailing list >> >> Fedora-directory-users@redhat.com >> >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > -- >> > Fedora-directory-users mailing list >> > Fedora-directory-users@redhat.com >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > >> > >> > >> > Without debug: >> > -------------- >> > >> > admin-serv/logs/error: >> > --- >> > [Thu Nov 02 10:27:11 2006] [warn] NSSProtocols not set; using: SSLv3 >> > and TLSv1 >> > [Thu Nov 02 10:27:12 2006] [crit] mod_admserv_post_config(): unable to >> > build user/group LDAP server info: unable to set User/Group baseDN >> > Configuration Failed >> > --- >> > >> > -------------- >> > >> > >> > >> > With debug: >> > -------------- >> > >> > admin-serv/logs/error >> > --- >> > >> > [Thu Nov 02 10:31:34 2006] [info] done Init: Initializing NSS library >> > [Thu Nov 02 10:31:34 2006] [warn] NSSProtocols not set; using: SSLv3 >> > and TLSv1 >> > [Thu Nov 02 10:31:35 2006] [debug] mod_admserv.c(760): sslinit: >> > mod_nss has been started and initialized >> > [Thu Nov 02 10:31:35 2006] [crit] mod_admserv_post_config(): unable to >> > build user/group LDAP server info: unable to set User/Group baseDN >> > Configuration Failed >> > >> > --- >> > >> > STDOUT: >> > --- >> > ./start-admin -e debug >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > access_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > auth_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > log_config_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > env_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > mime_magic_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > expires_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > deflate_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > headers_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > unique_id_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > setenvif_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > mime_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > vhost_alias_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > negotiation_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > dir_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > actions_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > alias_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > rewrite_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > cache_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > disk_cache_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > file_cache_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > mem_cache_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > cgi_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > restartd_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > nss_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_so.c(247): loaded module >> > admserv_module >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2382): [22117] >> > create_server_config [0x9f09370] for (null) >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] >> > create_config [0x9f09380] for (null) >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2431): [22117] Set >> > [0x9f09370] [ADMCacheLifeTime] to 600 >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2449): [22117] Set >> > [0x9f09370] [ADMServerVersionString] to Fedora-Administrator/1.0.3 >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] >> > create_config [0x9f38f88] for /opt/fedora-ds/clients/dsgw/bin/ >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] >> > create_config [0x9f3a2b0] for /*/[tT]asks/[Oo]peration/* >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] >> > create_config [0x9f38878] for /*/[tT]asks/[Cc]onfiguration/* >> > [Thu Nov 02 10:31:29 2006] [debug] mod_admserv.c(2370): [22117] >> > create_config [0x9f3b8e0] for >> > /*/[tT]asks/[Oo]peration/(?i:stop|start|restart|startconfigds|create)$ >> > Please enter password for "internal" token: >> > >> > --- >> > >> > -------------- >> > >> > -- >> > Fedora-directory-users mailing list >> > Fedora-directory-users@redhat.com >> > https://www.redhat.com/mailman/listinfo/fedora-directory-users >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users