I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly)
I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: <Location "/ipa"> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate on KrbMethodK5Passwd off KrbServiceName HTTP KrbAuthRealms $realm Krb5KeyTab /etc/httpd/conf/ipa.keytab KrbSaveCredentials on KrbConstrainedDelegation on Require valid-user ErrorDocument 401 /ipa/errors/unauthorized.html </Location> It just seemed to cause other problems... On Jan 28, 2016, at 1:44 PM, Izzo, Anthony <[email protected]<mailto:[email protected]>> wrote: I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That’s not a solution, just a data point for those interested in this behavior). Thanks. From: Izzo, Anthony (U.S. Person) Sent: Thursday, January 28, 2016 1:35 PM To: [email protected]<mailto:[email protected]> Cc: 'David Zabner' <[email protected]<mailto:[email protected]>> Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously Yes, that’s it! From: David Zabner [mailto:[email protected]] Sent: Thursday, January 28, 2016 1:31 PM To: Izzo, Anthony (U.S. Person) <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
