[Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

Martin Kosek mkosek at redhat.com
Mon Mar 9 07:57:58 UTC 2015 

Thanks for all the data. So it looks like your browser properly forward the
session cookie, but it is not recognized on the server even though it was
stored before.

Especially these lines are strange:

[Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
session: session_id=4803e184cecb42f2e326391dbb09443d
start_timestamp=2015-03-08T13:15:12 access_timestamp=2015-03-08T13:16:29
expiration_timestamp=2015-03-08T13:36:29
...
[Sun Mar 08 13:16:29.921519 2015] [:error] [pid 3003] ipa: DEBUG: found
session cookie_id = 4803e184cecb42f2e326391dbb09443d
[Sun Mar 08 13:16:29.921731 2015] [:error] [pid 3003] ipa: DEBUG: no
session data in cache with id=4803e184cecb42f2e326391dbb09443d, generating
empty session data

We know that ipa_memcached is running. Can you please also check if there are
no SELinux errors in /var/log/audit/audit.log preveting Apache from looking up
the session data?

Thanks,
Martin

On 03/08/2015 11:44 AM, Ben .T.George wrote:
> i was inspecting the page and got below response.
> 
> http://s21.postimg.org/itv5hf0h3/asdasd.jpg
> 
> http://s3.postimg.org/f6knomt1f/Capture.jpg
> 
> please anyone help me to solve this issue. i just want to create one local
> user in IPA
> 
> On Sun, Mar 8, 2015 at 1:17 PM, Ben .T.George <bentech4you at gmail.com> wrote:
> 
>> I enabled debugging mode on default.conf and this is what i am getting on
>> error_log
>>
>> [Sun Mar 08 13:16:18.204363 2015] [auth_kerb:error] [pid 3065] [client
>> 172.16.107.250:60088] gss_accept_sec_context() failed: An unsupported
>> mechanism was requested (, Unknown error), referer:
>> https://kwtpocpbis01.solaris.local/ipa/ui/
>> [Sun Mar 08 13:16:29.849339 2015] [:error] [pid 3004] ipa: DEBUG: WSGI
>> wsgi_dispatch.__call__:
>> [Sun Mar 08 13:16:29.849458 2015] [:error] [pid 3004] ipa: DEBUG: WSGI
>> login_password.__call__:
>> [Sun Mar 08 13:16:29.849683 2015] [:error] [pid 3004] ipa: DEBUG:
>> Obtaining armor ccache:
>> principal=HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL
>> keytab=/etc/httpd/conf/ipa.keytab
>> ccache=/var/run/ipa_memcached/krbcc_A_admin
>> [Sun Mar 08 13:16:29.849830 2015] [:error] [pid 3004] ipa: DEBUG: Starting
>> external process
>> [Sun Mar 08 13:16:29.849923 2015] [:error] [pid 3004] ipa: DEBUG:
>> args='/usr/bin/kinit' '-kt' '/etc/httpd/conf/ipa.keytab'
>> 'HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL'
>> [Sun Mar 08 13:16:29.868747 2015] [:error] [pid 3004] ipa: DEBUG: Process
>> finished, return code=0
>> [Sun Mar 08 13:16:29.868858 2015] [:error] [pid 3004] ipa: DEBUG: stdout=
>> [Sun Mar 08 13:16:29.868955 2015] [:error] [pid 3004] ipa: DEBUG: stderr=
>> [Sun Mar 08 13:16:29.869120 2015] [:error] [pid 3004] ipa: DEBUG: Starting
>> external process
>> [Sun Mar 08 13:16:29.869204 2015] [:error] [pid 3004] ipa: DEBUG:
>> args='/usr/bin/kinit' 'admin at SOLARIS.LOCAL' '-T'
>> '/var/run/ipa_memcached/krbcc_A_admin'
>> [Sun Mar 08 13:16:29.902181 2015] [:error] [pid 3004] ipa: DEBUG: Process
>> finished, return code=0
>> [Sun Mar 08 13:16:29.902269 2015] [:error] [pid 3004] ipa: DEBUG:
>> stdout=Password for admin at SOLARIS.LOCAL:
>> [Sun Mar 08 13:16:29.902278 2015] [:error] [pid 3004]
>> [Sun Mar 08 13:16:29.902328 2015] [:error] [pid 3004] ipa: DEBUG: stderr=
>> [Sun Mar 08 13:16:29.902427 2015] [:error] [pid 3004] ipa: DEBUG: kinit:
>> principal=admin at SOLARIS.LOCAL returncode=0, stderr=""
>> [Sun Mar 08 13:16:29.902483 2015] [:error] [pid 3004] ipa: DEBUG: Cleanup
>> the armor ccache
>> [Sun Mar 08 13:16:29.902560 2015] [:error] [pid 3004] ipa: DEBUG: Starting
>> external process
>> [Sun Mar 08 13:16:29.902621 2015] [:error] [pid 3004] ipa: DEBUG:
>> args='/usr/bin/kdestroy' '-A' '-c' '/var/run/ipa_memcached/krbcc_A_admin'
>> [Sun Mar 08 13:16:29.908045 2015] [:error] [pid 3004] ipa: DEBUG: Process
>> finished, return code=0
>> [Sun Mar 08 13:16:29.908121 2015] [:error] [pid 3004] ipa: DEBUG: stdout=
>> [Sun Mar 08 13:16:29.908173 2015] [:error] [pid 3004] ipa: DEBUG: stderr=
>> [Sun Mar 08 13:16:29.908348 2015] [:error] [pid 3004] ipa: DEBUG: found
>> session cookie_id = 4803e184cecb42f2e326391dbb09443d
>> [Sun Mar 08 13:16:29.908647 2015] [:error] [pid 3004] ipa: DEBUG: found
>> session data in cache with id=4803e184cecb42f2e326391dbb09443d
>> [Sun Mar 08 13:16:29.908728 2015] [:error] [pid 3004] ipa: DEBUG:
>> finalize_kerberos_acquisition: login_password
>> ccache_name="FILE:/var/run/ipa_memcached/krbcc_3004"
>> session_id="4803e184cecb42f2e326391dbb09443d"
>> [Sun Mar 08 13:16:29.908824 2015] [:error] [pid 3004] ipa: DEBUG: reading
>> ccache data from file "/var/run/ipa_memcached/krbcc_3004"
>> [Sun Mar 08 13:16:29.909319 2015] [:error] [pid 3004] ipa: DEBUG:
>> get_credential_times: principal=krbtgt/SOLARIS.LOCAL at SOLARIS.LOCAL,
>> authtime=03/08/15 13:16:29, starttime=03/08/15 13:16:29, endtime=03/09/15
>> 13:16:29, renew_till=01/01/70 03:00:00
>> [Sun Mar 08 13:16:29.909415 2015] [:error] [pid 3004] ipa: DEBUG:
>> KRB5_CCache FILE:/var/run/ipa_memcached/krbcc_3004 endtime=1425896189
>> (03/09/15 13:16:29)
>> [Sun Mar 08 13:16:29.909538 2015] [:error] [pid 3004] ipa: DEBUG:
>> set_session_expiration_time: duration_type=inactivity_timeout duration=1200
>> max_age=1425895889 expiration=1425810989.91 (2015-03-08T13:36:29)
>> [Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
>> session: session_id=4803e184cecb42f2e326391dbb09443d
>> start_timestamp=2015-03-08T13:15:12 access_timestamp=2015-03-08T13:16:29
>> expiration_timestamp=2015-03-08T13:36:29
>> [Sun Mar 08 13:16:29.910004 2015] [:error] [pid 3004] ipa: DEBUG:
>> release_ipa_ccache: KRB5CCNAME environment variable not set
>> [Sun Mar 08 13:16:29.921259 2015] [:error] [pid 3003] ipa: DEBUG: WSGI
>> wsgi_dispatch.__call__:
>> [Sun Mar 08 13:16:29.921351 2015] [:error] [pid 3003] ipa: DEBUG: WSGI
>> jsonserver_session.__call__:
>> [Sun Mar 08 13:16:29.921519 2015] [:error] [pid 3003] ipa: DEBUG: found
>> session cookie_id = 4803e184cecb42f2e326391dbb09443d
>> [Sun Mar 08 13:16:29.921731 2015] [:error] [pid 3003] ipa: DEBUG: no
>> session data in cache with id=4803e184cecb42f2e326391dbb09443d, generating
>> empty session data
>> [Sun Mar 08 13:16:29.921875 2015] [:error] [pid 3003] ipa: DEBUG: store
>> session: session_id=4803e184cecb42f2e326391dbb09443d
>> start_timestamp=2015-03-08T13:16:29 access_timestamp=2015-03-08T13:16:29
>> expiration_timestamp=1970-01-01T03:00:00
>> [Sun Mar 08 13:16:29.922125 2015] [:error] [pid 3003] ipa: DEBUG:
>> jsonserver_session.__call__: session_id=4803e184cecb42f2e326391dbb09443d
>> start_timestamp=2015-03-08T13:16:29 access_timestamp=2015-03-08T13:16:29
>> expiration_timestamp=1970-01-01T03:00:00
>> [Sun Mar 08 13:16:29.922191 2015] [:error] [pid 3003] ipa: DEBUG: no
>> ccache, need login
>> [Sun Mar 08 13:16:29.922265 2015] [:error] [pid 3003] ipa: DEBUG:
>> jsonserver_session: 401 Unauthorized need login
>>
>>
>> On Sun, Mar 8, 2015 at 1:02 PM, Ben .T.George <bentech4you at gmail.com>
>> wrote:
>>
>>> this is the error mesage i am getting on httpd/error_log
>>>
>>> [Sun Mar 08 13:02:02.965470 2015] [auth_kerb:error] [pid 2922] [client
>>> 172.16.107
>>>                                                         .250:60005]
>>> gss_accept_sec_context() failed: An unsupported mechanism was request
>>>
>>>                                       ed (, Unknown error), referer:
>>> https://kwtpocpbis01.solaris.local/ipa/ui/
>>>
>>> On Sun, Mar 8, 2015 at 12:48 PM, Ben .T.George <bentech4you at gmail.com>
>>> wrote:
>>>
>>>> Hi i checked the services and below is my output
>>>>
>>>> [root at kwtpocpbis01 ipa_memcached]# ps -ef | grep  ipa_memcached
>>>> apache    2079     1  0 11:11 ?        00:00:00 /usr/bin/memcached -d -s
>>>> /var/run/ipa_memcached/ipa_memcached -u apache -m 64 -c 1024 -P
>>>> /var/run/ipa_memcached/ipa_memcached.pid
>>>> root      2801  2504  0 12:48 pts/0    00:00:00 grep --color=auto
>>>> ipa_memcached
>>>>
>>>> [root at kwtpocpbis01 ipa_memcached]# ipactl status
>>>> Directory Service: RUNNING
>>>> krb5kdc Service: RUNNING
>>>> kadmin Service: RUNNING
>>>> named Service: RUNNING
>>>> ipa_memcached Service: RUNNING
>>>> httpd Service: RUNNING
>>>> pki-tomcatd Service: RUNNING
>>>> smb Service: RUNNING
>>>> winbind Service: RUNNING
>>>> ipa-otpd Service: RUNNING
>>>> ipa-dnskeysyncd Service: RUNNING
>>>> ipa: INFO: The ipactl command was successful
>>>>
>>>>
>>>> On Sun, Mar 8, 2015 at 10:54 AM, Ben .T.George <bentech4you at gmail.com>
>>>> wrote:
>>>>
>>>>> HI
>>>>>
>>>>> i have free IPA 4.1.2 installed.
>>>>>
>>>>> my web ui always giving "Your session has expired. Please re-login."
>>>>> even i tried from different computer.different browsers..
>>>>>
>>>>> how can i fix this.?
>>>>>
>>>>
>>>>
>>>
>>
> 
> 
>

More information about the Freeipa-users mailing list