On 01/02/2018 04:39 AM, Florence Blanc-Renaud wrote:
> On 01/01/2018 08:42 PM, Peter Larsen via FreeIPA-users wrote:
>> I'm not sure exactly how to diagnose the actual cause of the issue.
>> Every login, even as "admin" on the ipa/ui returns a "your session has
>> expired. Please re-login". I can use kinit and login just fine - it
>> seems authentication with the host key may be a fault.
>> Now, if apache tries to do something to these files then "duh" of course
>> it's going to be denied. This used to work - so I'm not sure what's
>> going on here? Again, trying to figure out a good process to diagnose to
>> find the root cause.
> Hi,
> just for the record, the warning "failed to set perms..." is a known
> issue (7032: Httpd log: Failed to set perm on ccache [1]) but does not
> cause any harm.

If that means I can ignore it, I'm fine with that. Still, the
installation is kaput :)

> You can find troubleshooting tips related to the administration
> framework in the wiki page Troubleshooting [2].

Thanks - I'd seen those links before, and I don't understand why [2] is
considered "troubleshooting" - I get errors running the commands but it
doesn't get me any closer to find a root cause.

# ipa -vv user-show admin
ipa: DEBUG: found session_cookie in persistent storage for principal
'ad...@demo.net', cookie:
ipa: DEBUG: setting session_cookie into context
ipa: INFO: trying https://host.demo.net/ipa/session/json
ipa: DEBUG: Created connection context.rpcclient_34278480
ipa: INFO: [try 1]: Forwarding 'schema' to json server
ipa: DEBUG: New HTTP connection (host.demo.net)
ipa: DEBUG: HTTP connection destroyed (host.demo.net)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 703, in
ProtocolError: <ProtocolError for host.demo.net/ipa/session/json: 401

and the error_log still contains the same two messages:

[Tue Jan 02 12:53:45.766170 2018] [:error] [pid 20445] ipa: INFO: 401
Unauthorized: Insufficient access:  Invalid credentials
[Tue Jan 02 12:53:45.780124 2018] [:error] [pid 20444] ipa: INFO: 401
Unauthorized: Insufficient access:  Invalid credentials
[Tue Jan 02 12:53:45.799056 2018] [:warn] [pid 20986] [client] failed to set perms (3140) on file
(/var/run/ipa/ccaches/ad...@demo.net)!, referer:

So if I can ignore the LAST message (which severity is warn - where as
the invalid credentials is just INFO) any ideas where to look for a cause?

 Regards Peter Larsen
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to