[Freeipa-users] Web UI Authentication errors - revisited

Dmitri Pal dpal at redhat.com
Fri Mar 6 18:09:25 UTC 2015 

On 03/06/2015 11:59 AM, Dan Mossor wrote:
>
>
> On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <dpal at redhat.com 
> <mailto:dpal at redhat.com>> wrote:
>
>     On 03/06/2015 10:35 AM, Dan Mossor wrote:
>>
>>
>>     On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <dpal at redhat.com
>>     <mailto:dpal at redhat.com>> wrote:
>>
>>
>>         From your workstation can you use the demo instance
>>         https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same
>>         error?
>>
>>         -- 
>>         Thank you,
>>         Dmitri Pal
>>
>>         Sr. Engineering Manager IdM portfolio
>>         Red Hat, Inc.
>>
>>     Oh, sorry, I didn't realize I was supposed to check that. For the
>>     record, yes - I can log into the demo instance on Firefox from my
>>     workstation. For the sake of completeness, I checked with
>>     Konquerer also and can log in to the demo instance.
>>
>>     Regards,
>>     Dan
>
>     OK, so it seems that something is really broken on that server.
>     May be it is easier to start over - up to you. If you want to
>     continue troubleshooting we are here to help.
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
> IT WORKS! WOOT!
>
> In the steps of researching a small issue on another hypervisor, I 
> discovered that my underlying network, while operational, was not 
> properly configured. The IPA server and my workstation were supposed 
> to be talking in VLAN 100 and 110, respectively. The network is 
> temporarily configured to route every packet it receives to the proper 
> VLAN, no matter where it originates.
>
> My workstation is indeed on VLAN 110, and is tagging the packets 
> appropriately. The server, however, due to a bridge misconfiguration 
> on the host, was on VLAN 1 and not sending tagged packets at all. But 
> as the router is configured to route all appropriate packets it 
> appeared to be operating normally.
>
> I blew away the network configuration on the host and rebuilt it 
> again, this time ensuring that VLAN 1 was not available on that switch 
> port, and that the packets leaving the host were tagged with VLAN 100. 
> I brought the IPA server back up and was able to log in.
>
> So, chalk this one up to misrouted packets. I didn't even think to 
> look there, the 401 error gave no clue that networking may be the issue.
>
> Regards,
> Dan Mossor

I am glad that this hunt is over :-)
Have a nice weekend!

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/b2324e06/attachment.htm>

More information about the Freeipa-users mailing list