Re: [Freeipa-users] Web UI Authentication errors - revisited

Fri, 06 Mar 2015 10:17:18 -0800 

On 03/06/2015 11:59 AM, Dan Mossor wrote:




On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <[email protected] 
<mailto:[email protected]>> wrote:


    On 03/06/2015 10:35 AM, Dan Mossor wrote:



    On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <[email protected]
    <mailto:[email protected]>> wrote:


        From your workstation can you use the demo instance
        https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same
        error?


        -- 
        Thank you,

        Dmitri Pal

        Sr. Engineering Manager IdM portfolio
        Red Hat, Inc.

    Oh, sorry, I didn't realize I was supposed to check that. For the
    record, yes - I can log into the demo instance on Firefox from my
    workstation. For the sake of completeness, I checked with
    Konquerer also and can log in to the demo instance.

    Regards,
    Dan


    OK, so it seems that something is really broken on that server.
    May be it is easier to start over - up to you. If you want to
    continue troubleshooting we are here to help.


    -- 
    Thank you,

    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.

IT WORKS! WOOT!


In the steps of researching a small issue on another hypervisor, I 
discovered that my underlying network, while operational, was not 
properly configured. The IPA server and my workstation were supposed 
to be talking in VLAN 100 and 110, respectively. The network is 
temporarily configured to route every packet it receives to the proper 
VLAN, no matter where it originates.



My workstation is indeed on VLAN 110, and is tagging the packets 
appropriately. The server, however, due to a bridge misconfiguration 
on the host, was on VLAN 1 and not sending tagged packets at all. But 
as the router is configured to route all appropriate packets it 
appeared to be operating normally.



I blew away the network configuration on the host and rebuilt it 
again, this time ensuring that VLAN 1 was not available on that switch 
port, and that the packets leaving the host were tagged with VLAN 100. 
I brought the IPA server back up and was able to log in.



So, chalk this one up to misrouted packets. I didn't even think to 
look there, the 401 error gave no clue that networking may be the issue.


Regards,
Dan Mossor


I am glad that this hunt is over :-)
Have a nice weekend!

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

























					Reply via email to