I just installed a new server on Fedora 21 Server, using the rolekit deployment tool. Everything was installed and configured (I hope) properly, but I'm running into a problem. The version is freeipa-server-4.1.2-1.fc21.x86_64, and I can connect to the WebUI only after a restart of ipa.service.

After approximately 15 minutes, I am kicked out of the active session - while in the middle of using it - and cannot log back in. Login was attempted from 4 browsers across two machines, and every time the login screen returns with "Your session has expired. Please re-login."

/var/log/httpd/errors is showing the following:
[Fri Feb 20 00:37:03.972736 2015] [auth_kerb:error] [pid 1158] [client 10.1.0.15:54958] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:37:34.300510 2015] [auth_kerb:error] [pid 1173] [client 10.1.0.15:54961] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:37:34.406615 2015] [auth_kerb:error] [pid 1616] [client 10.1.0.15:54965] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:37:50.356014 2015] [auth_kerb:error] [pid 1161] [client 10.1.0.15:54966] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:37:52.263088 2015] [auth_kerb:error] [pid 1417] [client 10.1.0.15:54968] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:37:52.327075 2015] [auth_kerb:error] [pid 1168] [client 10.1.0.15:54967] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, ASN.1 structure is missing a required field), referer: https://vader.dom.net/ipa/ui/index.html
[Fri Feb 20 00:45:35.603016 2015] [auth_kerb:error] [pid 1173] [client 10.1.1.17:54157] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error), referer: https://vader.dom.net/ipa/ui/

Restarting httpd, I can log in, and am immediately logged out again with the above errors.

Restarting ipa.service, I was able to log in with my user account, and was notified that my password expires in 0 days - even though it was just created less than an hour ago.

Is this a known issue, or is there a hidden problem with the rolekit deployment that I need to track down?



--
Dan Mossor, RHCSA
Systems Engineer at Large
Fedora Plasma Product WG | Fedora QA Team | Fedora Server WG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
