On 01/02/2018 04:39 AM, Florence Blanc-Renaud wrote:
> On 01/01/2018 08:42 PM, Peter Larsen via FreeIPA-users wrote:
>> I'm not sure exactly how to diagnose the actual cause of the issue.
>> Every login, even as "admin" on the ipa/ui returns a "your session has
>> expired. Please re-login". I can use kinit and login just fine - it
>> seems authentication with the host key may be a fault.
>>
>> Now, if apache tries to do something to these files then "duh" of course
>> it's going to be denied. This used to work - so I'm not sure what's
>> going on here? Again, trying to figure out a good process to diagnose to
>> find the root cause.
>>
> Hi,
> 
> just for the record, the warning "failed to set perms..." is a known
> issue (7032: Httpd log: Failed to set perm on ccache [1]) but does not
> cause any harm.

If that means I can ignore it, I'm fine with that. Still, the
installation is kaput :)

> 
> You can find troubleshooting tips related to the administration
> framework in the wiki page Troubleshooting [2].

Thanks - I'd seen those links before, and I don't understand why [2] is
considered "troubleshooting" - I get errors running the commands but it
doesn't get me any closer to find a root cause.

# ipa -vv user-show admin
ipa: DEBUG: found session_cookie in persistent storage for principal
'ad...@demo.net', cookie:
'ipa_session=MagBearerToken=YWIQGJVrLzlVCsBgW9t7tlaL1U1lIjB8ff6hlT9FChL8o97QqqvB97f2zIRdypjQ%2bkyTBbEauBeUmVv4A4S1JidafSIsWTf%2bTR%2fTX81QmLksP4EKLzrAQtWena1tcNohJb0NzqqpgN4UdANwDp8TnQ%2bgZMQCzo6ATH8mh20Z5ZD6R6ue2u6hUgs4nWlQs2KD'
ipa: DEBUG: setting session_cookie into context
'ipa_session=MagBearerToken=YWIQGJVrLzlVCsBgW9t7tlaL1U1lIjB8ff6hlT9FChL8o97QqqvB97f2zIRdypjQ%2bkyTBbEauBeUmVv4A4S1JidafSIsWTf%2bTR%2fTX81QmLksP4EKLzrAQtWena1tcNohJb0NzqqpgN4UdANwDp8TnQ%2bgZMQCzo6ATH8mh20Z5ZD6R6ue2u6hUgs4nWlQs2KD;'
ipa: INFO: trying https://host.demo.net/ipa/session/json
ipa: DEBUG: Created connection context.rpcclient_34278480
ipa: INFO: [try 1]: Forwarding 'schema' to json server
'https://host.demo.net/ipa/session/json'
ipa: DEBUG: New HTTP connection (host.demo.net)
ipa: DEBUG: HTTP connection destroyed (host.demo.net)
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipalib/rpc.py", line 703, in
single_request
    response.msg)
ProtocolError: <ProtocolError for host.demo.net/ipa/session/json: 401
Unauthorized>

and the error_log still contains the same two messages:

[Tue Jan 02 12:53:45.766170 2018] [:error] [pid 20445] ipa: INFO: 401
Unauthorized: Insufficient access:  Invalid credentials
[Tue Jan 02 12:53:45.780124 2018] [:error] [pid 20444] ipa: INFO: 401
Unauthorized: Insufficient access:  Invalid credentials
[Tue Jan 02 12:53:45.799056 2018] [:warn] [pid 20986] [client
10.10.10.70:49104] failed to set perms (3140) on file
(/var/run/ipa/ccaches/ad...@demo.net)!, referer:
https://host.demo.net/ipa/xml

So if I can ignore the LAST message (which severity is warn - where as
the invalid credentials is just INFO) any ideas where to look for a cause?


-- 
 Regards Peter Larsen
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to