[Freeipa-users] Web UI Authentication errors - revisited
Dmitri Pal
dpal at redhat.com
Fri Mar 6 18:09:25 UTC 2015
On 03/06/2015 11:59 AM, Dan Mossor wrote:
>
>
> On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
> On 03/06/2015 10:35 AM, Dan Mossor wrote:
>>
>>
>> On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <dpal at redhat.com
>> <mailto:dpal at redhat.com>> wrote:
>>
>>
>> From your workstation can you use the demo instance
>> https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same
>> error?
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>> Oh, sorry, I didn't realize I was supposed to check that. For the
>> record, yes - I can log into the demo instance on Firefox from my
>> workstation. For the sake of completeness, I checked with
>> Konquerer also and can log in to the demo instance.
>>
>> Regards,
>> Dan
>
> OK, so it seems that something is really broken on that server.
> May be it is easier to start over - up to you. If you want to
> continue troubleshooting we are here to help.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> IT WORKS! WOOT!
>
> In the steps of researching a small issue on another hypervisor, I
> discovered that my underlying network, while operational, was not
> properly configured. The IPA server and my workstation were supposed
> to be talking in VLAN 100 and 110, respectively. The network is
> temporarily configured to route every packet it receives to the proper
> VLAN, no matter where it originates.
>
> My workstation is indeed on VLAN 110, and is tagging the packets
> appropriately. The server, however, due to a bridge misconfiguration
> on the host, was on VLAN 1 and not sending tagged packets at all. But
> as the router is configured to route all appropriate packets it
> appeared to be operating normally.
>
> I blew away the network configuration on the host and rebuilt it
> again, this time ensuring that VLAN 1 was not available on that switch
> port, and that the packets leaving the host were tagged with VLAN 100.
> I brought the IPA server back up and was able to log in.
>
> So, chalk this one up to misrouted packets. I didn't even think to
> look there, the 401 error gave no clue that networking may be the issue.
>
> Regards,
> Dan Mossor
I am glad that this hunt is over :-)
Have a nice weekend!
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/b2324e06/attachment.htm>
More information about the Freeipa-users
mailing list