>On 11/27/2013 12:51 AM, Dmitri Pal wrote:
>> On 11/26/2013 05:15 PM, siology.io wrote:>>> for what it's worth, kinit on 
>> the command line of the ipa server works>>> just fine, and detects the realm 
>> ok.>> >> OK then let us rule out DNS for a moment.>> >> Have you checked the 
>> KDC log to see whether the authentication actually>> occurred?>> If kinit 
>> works, I suspect it works too but worth checking.>> >> May be there are some 
>> problems with memcached after the form based>> authentication to cache the 
>> authentication. KDC log would show whether>> the kinit and follow up service 
>> ticket request for LDAP access actually>> occurred.>>>This is a good 
>> suggestion. Please see if ipa_memcached daemon is running, there>was a 
>> glitch in one of the upgrades in the past which did not configure 
>> it>correctly.  If it is not, I can advise how to fix it.>Martin

ok. this problem is like a zombie. it just keeps coming !

I *think* i got this working back in november, but i'm not 100% sure
because on discovering the issue is still there now on at least one of
my replicas and then going to turn on debugging mode, i found it was
already on !

To answer your query from back then though; yes memcached is running
and seems to be ok. i tried restarting it (as part of an ipa restart)
and i still see timeouts on login after entering my authentication

Oddly though, going back to the head of this thread i claimed i was
having the issues on my master and replica IPA servers. That isn't the
case now at least - its just on the replica, so i must have fixed
it.... somehow ?! or it disappeared ? Annoying as hell though, either
Freeipa-users mailing list

Reply via email to