Djerk Geurts via FreeIPA-users wrote: > Today was my second attempt to lift FreeIPA servers to Fedora 38 from 37. > Again it failed. > > Sync and healthchecks were fine, but an (admin) user can't log into the WebUI > and can't do sudo. Login works because I do key based authentication. > > Kinit admin works, but kinit alone doesn't. > > I have a hunch that a keytab gets corrupted somewhere, but I'm baffled as to > why this wouldn't present as different errors. > > Has anyone experienced similar issues? I've rolled the servers back, so don't > have much in the way of logs at the moment.
Without logs its hard to speculate. My only guess is to ensure all your users have a SID assigned. You can try running: ipa config-mod --add-sids --enable-sid Check the 389-ds errors log. It will stop processing if it finds any users who are not in an IPA idrange. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
