On my fairly recently created replica, trying to sign on to the webUI fails both with a ticket and with username/password. The httpd error log reports:
[Thu Feb 03 09:43:20.551081 2022] [wsgi:error] [pid 332932:tid 140681111185152] [remote 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] ipa: INFO: [jsonserver_i18n_messages] UNKNOWN: i18n_messages(version='2.237'): SUCCESS [Thu Feb 03 09:43:21.096431 2022] [auth_gssapi:error] [pid 332935:tid 140680940726016] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] Failed to unseal session data!, referer: https://server.example.com/ipa/ui/ [Thu Feb 03 09:43:21.146884 2022] [auth_gssapi:error] [pid 332935:tid 140681090156288] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] Failed to unseal session data!, referer: https://server.example.com/ipa/ui/ [Thu Feb 03 09:43:21.605055 2022] [auth_gssapi:error] [pid 332935:tid 140681090156288] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] GSS ERROR gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS failure. Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)], referer: https://server.example.com/ipa/ui/ [Thu Feb 03 09:43:21.621376 2022] [auth_gssapi:error] [pid 332935:tid 140680923940608] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] Failed to unseal session data!, referer: https://server.example.com/ipa/ui/ [Thu Feb 03 09:43:21.672265 2022] [auth_gssapi:error] [pid 332935:tid 140680907155200] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] Failed to unseal session data!, referer: https://server.example.com/ipa/ui/ [Thu Feb 03 09:43:22.019527 2022] [auth_gssapi:error] [pid 332935:tid 140680907155200] [client 2001:123:aa:123:0:90cc:a629:cf42:5877:50870] GSS ERROR gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS failure. Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)], referer: https://server.example.com/ipa/ui/ I found some google hits on gssproxy being the culprit but I can't seem to find anything wrong with it. It's not logging any errors or such. Any ideas on what the problem could be here? Cheers, b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
