[Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your session has expired
Martin Kosek
mkosek at redhat.com
Tue Feb 2 11:10:14 UTC 2016
On 02/02/2016 10:33 AM, Christopher Lamb wrote:
>
> Hi Martin,
>
> Good points
>
> Web UI
> Cannot authenticate to Web UI
> Make sure that the user can authenticate in CLI, e.g. with kinit $USER
> --> yes the user can ssh to FreeIPA hosts, and can call kinit without
> error.
> Make sure that httpd, dirsrv and ipa_memcached services on the affected
> FreeIPA server are running. --> httpd, slapd and memcached all running
> (proved by pgrep -l)
> Make sure there are no related SELinux AVCs -- SELinux is disabled
That made me sad a little, I can only say:
http://stopdisablingselinux.com/ :-)
> Make sure that cookies are enabled on the client browser --> enabled
> Make sure that the time on the FreeIPA server is up to date and there is
> no (significant) clock skew (freeipa-users thread) --> no clock skew
> Search for any related errors in /var/log/httpd/error_log --> no errors
> today
Ok, thanks for ruling out the basic issues, I will let Petr and Alexander dive
in the others. When we discover the culprit, it would be nice to add it to this
list too.
> From: Martin Kosek <mkosek at redhat.com>
> To: Christopher Lamb/Switzerland/IBM at IBMCH,
> freeipa-users at redhat.com
> Cc: Alexander Bokovoy <abokovoy at redhat.com>
> Date: 02.02.2016 09:53
> Subject: Re: [Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your
> session has expired
>
>
>
> On 02/02/2016 09:49 AM, Christopher Lamb wrote:
>>
>>
>> Sorry, Notes is playing up, and sent the last before I could type any
> text!
>>
>> The POST /ipa/session/login_password is successful.
>>
>> but the POST /ipa/session/json and GET /ipa/session/login_kerberos both
>> give 401 unathorized
>>
>> Chris
>
> Just to make sure we have covered all possible pit holes we have already
> gathered on our Troubleshooting page, did check all the advise in this list
>
> http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
>
> ?
>
>
>
>
More information about the Freeipa-users
mailing list