Hi Alexander, I did perform ipa-server-upgrade and it did apply all changes indeed.
Attached the ipa.conf file. First attempt to use Web UI gave me the error as per attached png. And httpd error.log shows the following: [Fri Aug 18 12:49:48.196040 2017] [auth_gssapi:error] [pid 4944] [client 123.123.123.123:58673] NO AUTH DATA Client did not send any authentication headers, referer: https://aws-ipa1.firstderivatives.com/ipa/ui/ [Fri Aug 18 12:49:48.235657 2017] [auth_gssapi:error] [pid 4944] [client 123.123.123.123:58673] GSS ERROR In Negotiate Auth: gss_accept_sec_context() failed: [An unsupported mechanism was requested (Unknown error)], referer: https://aws-ipa1.firstderivatives.com/ipa/ui/ So basically now it is not even letting me into login page. Will dig a little more for this new error. Thanks -----Original Message----- From: Alexander Bokovoy [mailto:aboko...@redhat.com] Sent: 18 August 2017 13:01 To: FreeIPA users list Cc: Stefan Uygur; Troels Hansen; Fraser Tweedale Subject: Re: [Freeipa-users] Re: web UI - login failed after updates on server On pe, 18 elo 2017, Alexander Bokovoy via FreeIPA-users wrote: >On pe, 18 elo 2017, Stefan Uygur wrote: >>Yeah sorry, the debug logs were not included originally. Re to RPMs, I >>have removed all dupes, they were many. All is clean now and the >>system is up to date. >> >>Attached is the ipa.conf file. >Alias for /session/cookie is missing in it. > >You can see a correct ipa.conf here: >https://pagure.io/freeipa/blob/master/f/install/conf/ipa.conf > >You need to make sure your version has all parts, including > ># Target for login with internal connections Alias /ipa/session/cookie >"/usr/share/ipa/gssapi.login" BTW, your ipa.conf has version 22 while a proper version should be 27. Combined together with the fact that you had duplicates in rpms, looks like there was general upgrade issue that did not complete overall upgrade. It may be better to run ipa-server-upgrade manually to see if some other parts were missing. -- / Alexander Bokovoy *********************************************************************************************** This email, its contents and any files attached are a confidential communication and are intended only for the named addressees indicated in the message. If you are not the named addressee or if you have received this email in error, you may not, without the consent of First Derivatives, copy, use or rely on any information or attachments in any way. Please notify the sender by return email and delete it from your email system. Unless separately agreed, First Derivatives does not accept any responsibility for the accuracy or completeness of the contents of this email or its attachments. Please note that any views, opinion or advice contained in this communication are those of the sending individual and not those of First Derivatives and First Derivatives shall have no liability whatsoever in relation to this communication (or its content) unless separately agreed. ***********************************************************************************************
ipa.conf
Description: ipa.conf
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
