On Fri, Mar 6, 2015 at 1:53 PM, Martin Kosek <[email protected]> wrote:
> On 03/06/2015 05:59 PM, Dan Mossor wrote: > >> >> IT WORKS! WOOT! >> >> In the steps of researching a small issue on another hypervisor, I >> discovered >> that my underlying network, while operational, was not properly >> configured. The >> IPA server and my workstation were supposed to be talking in VLAN 100 and >> 110, >> respectively. The network is temporarily configured to route every packet >> it >> receives to the proper VLAN, no matter where it originates. >> >> My workstation is indeed on VLAN 110, and is tagging the packets >> appropriately. >> The server, however, due to a bridge misconfiguration on the host, was on >> VLAN >> 1 and not sending tagged packets at all. But as the router is configured >> to >> route all appropriate packets it appeared to be operating normally. >> >> I blew away the network configuration on the host and rebuilt it again, >> this >> time ensuring that VLAN 1 was not available on that switch port, and that >> the >> packets leaving the host were tagged with VLAN 100. I brought the IPA >> server >> back up and was able to log in. >> >> So, chalk this one up to misrouted packets. I didn't even think to look >> there, >> the 401 error gave no clue that networking may be the issue. >> >> Regards, >> Dan Mossor >> > > Ugh, that one was nasty, I am glad you figured it out. Now, when you know > what was the problem, would you maybe have some general Troubleshooting > advice to > > http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI > > that would help people like you uncover the root cause easier? > > Thanks, > Martin > Martin, I would love to. Let me think on an effective method to target networking issues, and I'll write something up for the wiki. Regards, Dan
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
