[Freeipa-users] Server error with multiple clients joining domain simultaneously

David Zabner david at cazena.com
Fri Jan 29 15:37:49 UTC 2016 

Any guesses as to why I couldn’t revert to using the mod_auth_kerb library? It seems like this is the only place where the library is referenced one way or the other…

Thanks for all your help.

> On Jan 29, 2016, at 6:35 AM, Petr Spacek <pspacek at redhat.com> wrote:
> 
> Interesting, we have to investigate it!
> 
> Here is a ticket:
> https://fedorahosted.org/freeipa/ticket/5653
> 
> You can Cc yourself to it and watch the progress.
> 
> Petr^2 Spacek
> 
> On 28.1.2016 20:17, David Zabner wrote:
>> I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly)
>> 
>> I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to:
>> <Location "/ipa">
>>  AuthType Kerberos
>>  AuthName "Kerberos Login"
>>  KrbMethodNegotiate on
>>  KrbMethodK5Passwd off
>>  KrbServiceName HTTP
>>  KrbAuthRealms $realm
>>  Krb5KeyTab /etc/httpd/conf/ipa.keytab
>>  KrbSaveCredentials on
>>  KrbConstrainedDelegation on
>>  Require valid-user
>>  ErrorDocument 401 /ipa/errors/unauthorized.html
>> </Location>
>> It just seemed to cause other problems...
>> 
>> On Jan 28, 2016, at 1:44 PM, Izzo, Anthony <aizzo01 at harris.com<mailto:aizzo01 at harris.com>> wrote:
>> 
>> I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances.  (That’s not a solution, just a data point for those interested in this behavior).  Thanks.
>> 
>> 
>> From: Izzo, Anthony (U.S. Person)
>> Sent: Thursday, January 28, 2016 1:35 PM
>> To: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
>> Cc: 'David Zabner' <david at cazena.com<mailto:david at cazena.com>>
>> Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously
>> 
>> Yes, that’s it!
>> 
>> From: David Zabner [mailto:david at cazena.com]
>> Sent: Thursday, January 28, 2016 1:31 PM
>> To: Izzo, Anthony (U.S. Person) <aizzo01 at harris.com<mailto:aizzo01 at harris.com>>
>> Cc: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
>> Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously
>> 
>> This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like?
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>> 
>> 
>> 
> 
> 
> -- 
> Petr^2 Spacek
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list