[Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your session has expired

Martin Kosek mkosek at redhat.com
Tue Feb 2 11:10:14 UTC 2016


On 02/02/2016 10:33 AM, Christopher Lamb wrote:
> 
> Hi Martin,
> 
> Good points
> 
> Web UI
> Cannot authenticate to Web UI
>    Make sure that the user can authenticate in CLI, e.g. with kinit $USER
>    --> yes the user can ssh to FreeIPA hosts, and can call kinit without
>    error.
>    Make sure that httpd, dirsrv and ipa_memcached services on the affected
>    FreeIPA server are running. --> httpd, slapd and memcached all running
>    (proved by pgrep -l)
>    Make sure there are no related SELinux AVCs -- SELinux is disabled

That made me sad a little, I can only say:

http://stopdisablingselinux.com/ :-)

>    Make sure that cookies are enabled on the client browser --> enabled
>    Make sure that the time on the FreeIPA server is up to date and there is
>    no (significant) clock skew (freeipa-users thread) --> no clock skew
>    Search for any related errors in /var/log/httpd/error_log --> no errors
>    today

Ok, thanks for ruling out the basic issues, I will let Petr and Alexander dive
into the others. When we discover the culprit, it would be nice to add it to this
list too.

> From:	Martin Kosek <mkosek at redhat.com>
> To:	Christopher Lamb/Switzerland/IBM at IBMCH,
>             freeipa-users at redhat.com
> Cc:	Alexander Bokovoy <abokovoy at redhat.com>
> Date:	02.02.2016 09:53
> Subject:	Re: [Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your
>             session has expired
> 
> 
> 
> On 02/02/2016 09:49 AM, Christopher Lamb wrote:
>>
>>
>> Sorry, Notes is playing up, and sent the last before I could type any text!
>>
>> The POST /ipa/session/login_password is successful.
>>
>> but the POST /ipa/session/json  and  GET /ipa/session/login_kerberos both
>> give 401 unauthorized
>>
>> Chris
> 
> Just to make sure we have covered all possible pitfalls we have already
> gathered on our Troubleshooting page, did you check all the advice in this list
> 
> http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
> 
> ?
> 
> 
> 
> 
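
The symptom reported in this thread (POST /ipa/session/login_password succeeds, then /ipa/session/json and /ipa/session/login_kerberos return 401) can be located in the web server's access log. The following is an added example, not part of the original messages or of FreeIPA: it assumes Apache combined log format, and the sample lines, client addresses and 60-second window are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed Apache combined-log prefix: client, [timestamp], "METHOD path ...", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
LOGIN = "/ipa/session/login_password"
SESSION_PATHS = {"/ipa/session/json", "/ipa/session/login_kerberos"}

def find_login_then_401(lines, window=timedelta(seconds=60)):
    """Return (client, login_time, path, time) for every 401 on a session
    endpoint that follows a 200 password login by the same client in `window`."""
    last_login = {}  # client -> time of its last successful password login
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed format
        client, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = path.split("?", 1)[0]  # ignore cache-busting query strings
        if method == "POST" and path == LOGIN:
            if status == "200":
                last_login[client] = when
            else:
                last_login.pop(client, None)  # failed login: nothing to correlate
        elif path in SESSION_PATHS and status == "401":
            start = last_login.get(client)
            if start is not None and when - start <= window:
                hits.append((client, start, path, when))
    return hits

# Constructed sample lines (documentation addresses, not from the thread).
T = "02/Feb/2016:09:4"
SAMPLE = [
    f'192.0.2.10 - - [{T}0:01 +0100] "POST {LOGIN} HTTP/1.1" 200 - "-" "UA"',
    f'192.0.2.10 - - [{T}0:02 +0100] "POST /ipa/session/json HTTP/1.1" 401 1474 "-" "UA"',
    f'192.0.2.10 - - [{T}0:02 +0100] "GET /ipa/session/login_kerberos?_=1 HTTP/1.1" 401 1474 "-" "UA"',
    f'192.0.2.20 - - [{T}1:00 +0100] "POST {LOGIN} HTTP/1.1" 401 - "-" "UA"',
    f'192.0.2.20 - - [{T}1:01 +0100] "POST /ipa/session/json HTTP/1.1" 401 1474 "-" "UA"',
    f'192.0.2.30 - - [{T}2:00 +0100] "POST {LOGIN} HTTP/1.1" 200 - "-" "UA"',
    f'192.0.2.30 - - [{T}2:01 +0100] "POST /ipa/session/json HTTP/1.1" 200 512 "-" "UA"',
]

if __name__ == "__main__":
    for client, start, path, when in find_login_then_401(SAMPLE):
        print(f"{client}: login OK at {start:%H:%M:%S}, then 401 on {path} at {when:%H:%M:%S}")
```

Only the first client is reported: the second never logged in successfully and the third got a working session.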



