[Freeipa-users] IPA web ui always giving "Your session has expired. Please re-login."

Martin Kosek mkosek at redhat.com
Mon Mar 9 11:21:38 UTC 2015 

Ok, thanks for information. I would still love to know the real root cause, but
we will now find it now I assume.

Of this issue re-appears, let us know :-)

Thanks,
Martin

On 03/09/2015 09:10 AM, Ben .T.George wrote:
> Hi Martin,
> 
> thanks for your replay.
> 
> yesterday i did lot of this  to fix this issue.
> 
> the issue has been solved by kdestroy and re-initiate the ticket.
> 
> after that restarted ipa service, it got worked
> 
> Regards,
> ben
> 
> On Mon, Mar 9, 2015 at 10:57 AM, Martin Kosek <mkosek at redhat.com> wrote:
> 
>> Thanks for all the data. So it looks like your browser properly forward the
>> session cookie, but it is not recognized on the server even though it was
>> stored before.
>>
>> Especially these lines are strange:
>>
>> [Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
>> session: session_id=4803e184cecb42f2e326391dbb09443d
>> start_timestamp=2015-03-08T13:15:12 access_timestamp=2015-03-08T13:16:29
>> expiration_timestamp=2015-03-08T13:36:29
>> ...
>> [Sun Mar 08 13:16:29.921519 2015] [:error] [pid 3003] ipa: DEBUG: found
>> session cookie_id = 4803e184cecb42f2e326391dbb09443d
>> [Sun Mar 08 13:16:29.921731 2015] [:error] [pid 3003] ipa: DEBUG: no
>> session data in cache with id=4803e184cecb42f2e326391dbb09443d, generating
>> empty session data
>>
>> We know that ipa_memcached is running. Can you please also check if there
>> are
>> no SELinux errors in /var/log/audit/audit.log preveting Apache from
>> looking up
>> the session data?
>>
>> Thanks,
>> Martin
>>
>> On 03/08/2015 11:44 AM, Ben .T.George wrote:
>>> i was inspecting the page and got below response.
>>>
>>> http://s21.postimg.org/itv5hf0h3/asdasd.jpg
>>>
>>> http://s3.postimg.org/f6knomt1f/Capture.jpg
>>>
>>> please anyone help me to solve this issue. i just want to create one
>> local
>>> user in IPA
>>>
>>> On Sun, Mar 8, 2015 at 1:17 PM, Ben .T.George <bentech4you at gmail.com>
>> wrote:
>>>
>>>> I enabled debugging mode on default.conf and this is what i am getting
>> on
>>>> error_log
>>>>
>>>> [Sun Mar 08 13:16:18.204363 2015] [auth_kerb:error] [pid 3065] [client
>>>> 172.16.107.250:60088] gss_accept_sec_context() failed: An unsupported
>>>> mechanism was requested (, Unknown error), referer:
>>>> https://kwtpocpbis01.solaris.local/ipa/ui/
>>>> [Sun Mar 08 13:16:29.849339 2015] [:error] [pid 3004] ipa: DEBUG: WSGI
>>>> wsgi_dispatch.__call__:
>>>> [Sun Mar 08 13:16:29.849458 2015] [:error] [pid 3004] ipa: DEBUG: WSGI
>>>> login_password.__call__:
>>>> [Sun Mar 08 13:16:29.849683 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> Obtaining armor ccache:
>>>> principal=HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL
>>>> keytab=/etc/httpd/conf/ipa.keytab
>>>> ccache=/var/run/ipa_memcached/krbcc_A_admin
>>>> [Sun Mar 08 13:16:29.849830 2015] [:error] [pid 3004] ipa: DEBUG:
>> Starting
>>>> external process
>>>> [Sun Mar 08 13:16:29.849923 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> args='/usr/bin/kinit' '-kt' '/etc/httpd/conf/ipa.keytab'
>>>> 'HTTP/kwtpocpbis01.solaris.local at SOLARIS.LOCAL'
>>>> [Sun Mar 08 13:16:29.868747 2015] [:error] [pid 3004] ipa: DEBUG:
>> Process
>>>> finished, return code=0
>>>> [Sun Mar 08 13:16:29.868858 2015] [:error] [pid 3004] ipa: DEBUG:
>> stdout=
>>>> [Sun Mar 08 13:16:29.868955 2015] [:error] [pid 3004] ipa: DEBUG:
>> stderr=
>>>> [Sun Mar 08 13:16:29.869120 2015] [:error] [pid 3004] ipa: DEBUG:
>> Starting
>>>> external process
>>>> [Sun Mar 08 13:16:29.869204 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> args='/usr/bin/kinit' 'admin at SOLARIS.LOCAL' '-T'
>>>> '/var/run/ipa_memcached/krbcc_A_admin'
>>>> [Sun Mar 08 13:16:29.902181 2015] [:error] [pid 3004] ipa: DEBUG:
>> Process
>>>> finished, return code=0
>>>> [Sun Mar 08 13:16:29.902269 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> stdout=Password for admin at SOLARIS.LOCAL:
>>>> [Sun Mar 08 13:16:29.902278 2015] [:error] [pid 3004]
>>>> [Sun Mar 08 13:16:29.902328 2015] [:error] [pid 3004] ipa: DEBUG:
>> stderr=
>>>> [Sun Mar 08 13:16:29.902427 2015] [:error] [pid 3004] ipa: DEBUG: kinit:
>>>> principal=admin at SOLARIS.LOCAL returncode=0, stderr=""
>>>> [Sun Mar 08 13:16:29.902483 2015] [:error] [pid 3004] ipa: DEBUG:
>> Cleanup
>>>> the armor ccache
>>>> [Sun Mar 08 13:16:29.902560 2015] [:error] [pid 3004] ipa: DEBUG:
>> Starting
>>>> external process
>>>> [Sun Mar 08 13:16:29.902621 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> args='/usr/bin/kdestroy' '-A' '-c'
>> '/var/run/ipa_memcached/krbcc_A_admin'
>>>> [Sun Mar 08 13:16:29.908045 2015] [:error] [pid 3004] ipa: DEBUG:
>> Process
>>>> finished, return code=0
>>>> [Sun Mar 08 13:16:29.908121 2015] [:error] [pid 3004] ipa: DEBUG:
>> stdout=
>>>> [Sun Mar 08 13:16:29.908173 2015] [:error] [pid 3004] ipa: DEBUG:
>> stderr=
>>>> [Sun Mar 08 13:16:29.908348 2015] [:error] [pid 3004] ipa: DEBUG: found
>>>> session cookie_id = 4803e184cecb42f2e326391dbb09443d
>>>> [Sun Mar 08 13:16:29.908647 2015] [:error] [pid 3004] ipa: DEBUG: found
>>>> session data in cache with id=4803e184cecb42f2e326391dbb09443d
>>>> [Sun Mar 08 13:16:29.908728 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> finalize_kerberos_acquisition: login_password
>>>> ccache_name="FILE:/var/run/ipa_memcached/krbcc_3004"
>>>> session_id="4803e184cecb42f2e326391dbb09443d"
>>>> [Sun Mar 08 13:16:29.908824 2015] [:error] [pid 3004] ipa: DEBUG:
>> reading
>>>> ccache data from file "/var/run/ipa_memcached/krbcc_3004"
>>>> [Sun Mar 08 13:16:29.909319 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> get_credential_times: principal=krbtgt/SOLARIS.LOCAL at SOLARIS.LOCAL,
>>>> authtime=03/08/15 13:16:29, starttime=03/08/15 13:16:29,
>> endtime=03/09/15
>>>> 13:16:29, renew_till=01/01/70 03:00:00
>>>> [Sun Mar 08 13:16:29.909415 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> KRB5_CCache FILE:/var/run/ipa_memcached/krbcc_3004 endtime=1425896189
>>>> (03/09/15 13:16:29)
>>>> [Sun Mar 08 13:16:29.909538 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> set_session_expiration_time: duration_type=inactivity_timeout
>> duration=1200
>>>> max_age=1425895889 expiration=1425810989.91 (2015-03-08T13:36:29)
>>>> [Sun Mar 08 13:16:29.909637 2015] [:error] [pid 3004] ipa: DEBUG: store
>>>> session: session_id=4803e184cecb42f2e326391dbb09443d
>>>> start_timestamp=2015-03-08T13:15:12 access_timestamp=2015-03-08T13:16:29
>>>> expiration_timestamp=2015-03-08T13:36:29
>>>> [Sun Mar 08 13:16:29.910004 2015] [:error] [pid 3004] ipa: DEBUG:
>>>> release_ipa_ccache: KRB5CCNAME environment variable not set
>>>> [Sun Mar 08 13:16:29.921259 2015] [:error] [pid 3003] ipa: DEBUG: WSGI
>>>> wsgi_dispatch.__call__:
>>>> [Sun Mar 08 13:16:29.921351 2015] [:error] [pid 3003] ipa: DEBUG: WSGI
>>>> jsonserver_session.__call__:
>>>> [Sun Mar 08 13:16:29.921519 2015] [:error] [pid 3003] ipa: DEBUG: found
>>>> session cookie_id = 4803e184cecb42f2e326391dbb09443d
>>>> [Sun Mar 08 13:16:29.921731 2015] [:error] [pid 3003] ipa: DEBUG: no
>>>> session data in cache with id=4803e184cecb42f2e326391dbb09443d,
>> generating
>>>> empty session data
>>>> [Sun Mar 08 13:16:29.921875 2015] [:error] [pid 3003] ipa: DEBUG: store
>>>> session: session_id=4803e184cecb42f2e326391dbb09443d
>>>> start_timestamp=2015-03-08T13:16:29 access_timestamp=2015-03-08T13:16:29
>>>> expiration_timestamp=1970-01-01T03:00:00
>>>> [Sun Mar 08 13:16:29.922125 2015] [:error] [pid 3003] ipa: DEBUG:
>>>> jsonserver_session.__call__: session_id=4803e184cecb42f2e326391dbb09443d
>>>> start_timestamp=2015-03-08T13:16:29 access_timestamp=2015-03-08T13:16:29
>>>> expiration_timestamp=1970-01-01T03:00:00
>>>> [Sun Mar 08 13:16:29.922191 2015] [:error] [pid 3003] ipa: DEBUG: no
>>>> ccache, need login
>>>> [Sun Mar 08 13:16:29.922265 2015] [:error] [pid 3003] ipa: DEBUG:
>>>> jsonserver_session: 401 Unauthorized need login
>>>>
>>>>
>>>> On Sun, Mar 8, 2015 at 1:02 PM, Ben .T.George <bentech4you at gmail.com>
>>>> wrote:
>>>>
>>>>> this is the error mesage i am getting on httpd/error_log
>>>>>
>>>>> [Sun Mar 08 13:02:02.965470 2015] [auth_kerb:error] [pid 2922] [client
>>>>> 172.16.107
>>>>>                                                         .250:60005]
>>>>> gss_accept_sec_context() failed: An unsupported mechanism was request
>>>>>
>>>>>                                       ed (, Unknown error), referer:
>>>>> https://kwtpocpbis01.solaris.local/ipa/ui/
>>>>>
>>>>> On Sun, Mar 8, 2015 at 12:48 PM, Ben .T.George <bentech4you at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi i checked the services and below is my output
>>>>>>
>>>>>> [root at kwtpocpbis01 ipa_memcached]# ps -ef | grep  ipa_memcached
>>>>>> apache    2079     1  0 11:11 ?        00:00:00 /usr/bin/memcached -d
>> -s
>>>>>> /var/run/ipa_memcached/ipa_memcached -u apache -m 64 -c 1024 -P
>>>>>> /var/run/ipa_memcached/ipa_memcached.pid
>>>>>> root      2801  2504  0 12:48 pts/0    00:00:00 grep --color=auto
>>>>>> ipa_memcached
>>>>>>
>>>>>> [root at kwtpocpbis01 ipa_memcached]# ipactl status
>>>>>> Directory Service: RUNNING
>>>>>> krb5kdc Service: RUNNING
>>>>>> kadmin Service: RUNNING
>>>>>> named Service: RUNNING
>>>>>> ipa_memcached Service: RUNNING
>>>>>> httpd Service: RUNNING
>>>>>> pki-tomcatd Service: RUNNING
>>>>>> smb Service: RUNNING
>>>>>> winbind Service: RUNNING
>>>>>> ipa-otpd Service: RUNNING
>>>>>> ipa-dnskeysyncd Service: RUNNING
>>>>>> ipa: INFO: The ipactl command was successful
>>>>>>
>>>>>>
>>>>>> On Sun, Mar 8, 2015 at 10:54 AM, Ben .T.George <bentech4you at gmail.com
>>>
>>>>>> wrote:
>>>>>>
>>>>>>> HI
>>>>>>>
>>>>>>> i have free IPA 4.1.2 installed.
>>>>>>>
>>>>>>> my web ui always giving "Your session has expired. Please re-login."
>>>>>>> even i tried from different computer.different browsers..
>>>>>>>
>>>>>>> how can i fix this.?
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>>
>

More information about the Freeipa-users mailing list