Good day, folks. This time it is something different, yet the same. I have re-deployed my IPA installation due to some underlying issues with the host of the virtual machine. Even with the new installation, I cannot authenticate through the web UI.
So far, there is exactly one client in the domain (my workstation), and exactly one user - admin. I am not comfortable with the command line tools, and I have others below my position that require a GUI for management purposes, so I have to make this work to proceed any further. Following up with the information Martin asked for in my previous thread, let me walk you through the process: I attempted to log in to https://vader.rez.lcl/, and received the error "Your session has expired. Please re-login." At this point, I clicked the link to configure Firefox. On the command line, I obtained a kerberos ticket for admin (note - I am root on this workstation for the time being): [root@dmfedora ~]# kinit admin Password for [email protected]: [root@dmfedora ~]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: [email protected] Valid starting Expires Service principal 03/05/2015 14:46:22 03/06/2015 14:46:15 krbtgt/[email protected] I then finished the Firefox configuration, and attempted to log in again. I still received the error. The Firefox console shows: POST https://vader.rez.lcl/ipa/session/login_password [HTTP/1.1 200 Success 756ms] POST https://vader.rez.lcl/ipa/session/json [HTTP/1.1 401 Unauthorized 3ms] GET https://vader.rez.lcl/ipa/session/login_kerberos [HTTP/1.1 401 Unauthorized 2ms] GET https://vader.rez.lcl/ipa/session/login_kerberos [HTTP/1.1 200 Success 26ms] POST https://vader.rez.lcl/ipa/session/json [HTTP/1.1 401 Unauthorized 4ms] /var/log/krb5kdc.log during the process: Mar 05 21:06:30 vader.rez.lcl krb5kdc[1073](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.1.0.1: NEEDED_PREAUTH: HTTP/[email protected] for krbtgt/[email protected], Additional pre-authentication required Mar 05 21:06:30 vader.rez.lcl krb5kdc[1073](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.1.0.1: ISSUE: authtime 1425589590, etypes {rep=18 tkt=18 ses=18}, HTTP/[email protected] for krbtgt/[email protected] Mar 05 21:06:30 vader.rez.lcl krb5kdc[1073](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.1.0.1: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required Mar 05 21:06:30 vader.rez.lcl krb5kdc[1073](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.1.0.1: ISSUE: authtime 1425589590, etypes {rep=18 tkt=18 ses=18}, [email protected] for krbtgt/[email protected] /var/log/httpd/access_log shows the same thing as the Firefox console: 10.1.1.15 - - [05/Mar/2015:21:06:30 +0000] "POST /ipa/session/login_password HTTP/1.1" 200 25 10.1.1.15 - - [05/Mar/2015:21:06:31 +0000] "POST /ipa/session/json HTTP/1.1" 401 - 10.1.1.15 - - [05/Mar/2015:21:06:31 +0000] "GET /ipa/session/login_kerberos?_=1425587158134 HTTP/1.1" 401 1469 10.1.1.15 - [email protected] [05/Mar/2015:21:06:31 +0000] "GET /ipa/session/login_kerberos?_=1425587158134 HTTP/1.1" 200 20 10.1.1.15 - - [05/Mar/2015:21:06:31 +0000] "POST /ipa/session/json HTTP/1.1" 401 - Nothing is entered into any error logs, the audit log, or the system journal. I am at my wits end here, and lost. What other information do you need to help me solve this problem? Thank you, Dan Mossor -- Dan Mossor, RHCSA Systems Engineer at Large Fedora Plasma Product WG | Fedora QA Team | Fedora Server WG Fedora Infrastructure Apprentice FAS: dmossor IRC: danofsatx San Antonio, Texas, USA
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
