I just installed a new server on Fedora 21 Server, using the rolekit deployment tool. Everything was installed and configured (I hope) properly, but I'm running into a problem. The version is freeipa-server-4.1.2-1.fc21.x86_64, and I can connect to the WebUI only after a restart of ipa.service.

After approximately 15 minutes, I am kicked out of the active session - while in the middle of using it - and cannot log back in. Login was attempted from 4 browsers across two machines, and every time the login screen returns with "Your session has expired. Please re-login."


/var/log/httpd/errors is showing the following:
[Fri Feb 20 00:37:03.972736 2015] [auth_kerb:error] [pid 1158] [client 10.1.0.15:54958] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:37:34.300510 2015] [auth_kerb:error] [pid 1173] [client 10.1.0.15:54961] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:37:34.406615 2015] [auth_kerb:error] [pid 1616] [client 10.1.0.15:54965] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:37:50.356014 2015] [auth_kerb:error] [pid 1161] [client 10.1.0.15:54966] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:37:52.263088 2015] [auth_kerb:error] [pid 1417] [client 10.1.0.15:54968] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:37:52.327075 2015] [auth_kerb:error] [pid 1168] [client 10.1.0.15:54967] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html [Fri Feb 20 00:45:35.603016 2015] [auth_kerb:error] [pid 1173] [client 10.1.1.17:54157] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error), referer: https://vader.dom.net/ipa/ui/

Restarting httpd, I can log in, and am immediately logged out again with the above errors.

Restarting ipa.service, I was able to log in with my user account, and was notified that my password expires in 0 days - even though it was just created less than an hour ago.

Is this a known issue, or is there a hidden problem with the rolekit deployment that I need to track down?



--
Dan Mossor, RHCSA
Systems Engineer at Large
Fedora Plasma Product WG | Fedora QA Team | Fedora Server WG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to