>On 11/27/2013 12:51 AM, Dmitri Pal wrote: >> On 11/26/2013 05:15 PM, siology.io wrote:>>> for what it's worth, kinit on >> the command line of the ipa server works>>> just fine, and detects the realm >> ok.>> >> OK then let us rule out DNS for a moment.>> >> Have you checked the >> KDC log to see whether the authentication actually>> occurred?>> If kinit >> works, I suspect it works too but worth checking.>> >> May be there are some >> problems with memcached after the form based>> authentication to cache the >> authentication. KDC log would show whether>> the kinit and follow up service >> ticket request for LDAP access actually>> occurred.>>>This is a good >> suggestion. Please see if ipa_memcached daemon is running, there>was a >> glitch in one of the upgrades in the past which did not configure >> it>correctly. If it is not, I can advise how to fix it.>Martin
ok. this problem is like a zombie. it just keeps coming ! I *think* i got this working back in november, but i'm not 100% sure because on discovering the issue is still there now on at least one of my replicas and then going to turn on debugging mode, i found it was already on ! To answer your query from back then though; yes memcached is running and seems to be ok. i tried restarting it (as part of an ipa restart) and i still see timeouts on login after entering my authentication details. Oddly though, going back to the head of this thread i claimed i was having the issues on my master and replica IPA servers. That isn't the case now at least - its just on the replica, so i must have fixed it.... somehow ?! or it disappeared ? Annoying as hell though, either way.
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users