On 03/06/2015 11:59 AM, Dan Mossor wrote:



On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <d...@redhat.com <mailto:d...@redhat.com>> wrote:

    On 03/06/2015 10:35 AM, Dan Mossor wrote:


    On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <d...@redhat.com
    <mailto:d...@redhat.com>> wrote:


        From your workstation can you use the demo instance
        https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same
        error?

-- Thank you,
        Dmitri Pal

        Sr. Engineering Manager IdM portfolio
        Red Hat, Inc.

    Oh, sorry, I didn't realize I was supposed to check that. For the
    record, yes - I can log into the demo instance on Firefox from my
    workstation. For the sake of completeness, I checked with
    Konquerer also and can log in to the demo instance.

    Regards,
    Dan

    OK, so it seems that something is really broken on that server.
    May be it is easier to start over - up to you. If you want to
    continue troubleshooting we are here to help.

-- Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.

IT WORKS! WOOT!

In the steps of researching a small issue on another hypervisor, I discovered that my underlying network, while operational, was not properly configured. The IPA server and my workstation were supposed to be talking in VLAN 100 and 110, respectively. The network is temporarily configured to route every packet it receives to the proper VLAN, no matter where it originates.

My workstation is indeed on VLAN 110, and is tagging the packets appropriately. The server, however, due to a bridge misconfiguration on the host, was on VLAN 1 and not sending tagged packets at all. But as the router is configured to route all appropriate packets it appeared to be operating normally.

I blew away the network configuration on the host and rebuilt it again, this time ensuring that VLAN 1 was not available on that switch port, and that the packets leaving the host were tagged with VLAN 100. I brought the IPA server back up and was able to log in.

So, chalk this one up to misrouted packets. I didn't even think to look there, the 401 error gave no clue that networking may be the issue.

Regards,
Dan Mossor

I am glad that this hunt is over :-)
Have a nice weekend!

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to