On 01/02/2018 04:39 AM, Florence Blanc-Renaud wrote: > On 01/01/2018 08:42 PM, Peter Larsen via FreeIPA-users wrote: >> I'm not sure exactly how to diagnose the actual cause of the issue. >> Every login, even as "admin" on the ipa/ui returns a "your session has >> expired. Please re-login". I can use kinit and login just fine - it >> seems authentication with the host key may be a fault. >> >> Now, if apache tries to do something to these files then "duh" of course >> it's going to be denied. This used to work - so I'm not sure what's >> going on here? Again, trying to figure out a good process to diagnose to >> find the root cause. >> > Hi, > > just for the record, the warning "failed to set perms..." is a known > issue (7032: Httpd log: Failed to set perm on ccache ) but does not > cause any harm.
If that means I can ignore it, I'm fine with that. Still, the installation is kaput :) > > You can find troubleshooting tips related to the administration > framework in the wiki page Troubleshooting . Thanks - I'd seen those links before, and I don't understand why  is considered "troubleshooting" - I get errors running the commands but it doesn't get me any closer to find a root cause. # ipa -vv user-show admin ipa: DEBUG: found session_cookie in persistent storage for principal 'ad...@demo.net', cookie: 'ipa_session=MagBearerToken=YWIQGJVrLzlVCsBgW9t7tlaL1U1lIjB8ff6hlT9FChL8o97QqqvB97f2zIRdypjQ%2bkyTBbEauBeUmVv4A4S1JidafSIsWTf%2bTR%2fTX81QmLksP4EKLzrAQtWena1tcNohJb0NzqqpgN4UdANwDp8TnQ%2bgZMQCzo6ATH8mh20Z5ZD6R6ue2u6hUgs4nWlQs2KD' ipa: DEBUG: setting session_cookie into context 'ipa_session=MagBearerToken=YWIQGJVrLzlVCsBgW9t7tlaL1U1lIjB8ff6hlT9FChL8o97QqqvB97f2zIRdypjQ%2bkyTBbEauBeUmVv4A4S1JidafSIsWTf%2bTR%2fTX81QmLksP4EKLzrAQtWena1tcNohJb0NzqqpgN4UdANwDp8TnQ%2bgZMQCzo6ATH8mh20Z5ZD6R6ue2u6hUgs4nWlQs2KD;' ipa: INFO: trying https://host.demo.net/ipa/session/json ipa: DEBUG: Created connection context.rpcclient_34278480 ipa: INFO: [try 1]: Forwarding 'schema' to json server 'https://host.demo.net/ipa/session/json' ipa: DEBUG: New HTTP connection (host.demo.net) ipa: DEBUG: HTTP connection destroyed (host.demo.net) Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 703, in single_request response.msg) ProtocolError: <ProtocolError for host.demo.net/ipa/session/json: 401 Unauthorized> and the error_log still contains the same two messages: [Tue Jan 02 12:53:45.766170 2018] [:error] [pid 20445] ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credentials [Tue Jan 02 12:53:45.780124 2018] [:error] [pid 20444] ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credentials [Tue Jan 02 12:53:45.799056 2018] [:warn] [pid 20986] [client 10.10.10.70:49104] failed to set perms (3140) on file (/var/run/ipa/ccaches/ad...@demo.net)!, referer: https://host.demo.net/ipa/xml So if I can ignore the LAST message (which severity is warn - where as the invalid credentials is just INFO) any ideas where to look for a cause? -- Regards Peter Larsen _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org