On 03/06/2015 05:59 PM, Dan Mossor wrote:



On Fri, Mar 6, 2015 at 9:43 AM, Dmitri Pal <d...@redhat.com> wrote:

    On 03/06/2015 10:35 AM, Dan Mossor wrote:


    On Fri, Mar 6, 2015 at 9:21 AM, Dmitri Pal <d...@redhat.com> wrote:


        From your workstation can you use the demo instance
        https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same error?

        --
        Thank you,
        Dmitri Pal

        Sr. Engineering Manager IdM portfolio
        Red Hat, Inc.

    Oh, sorry, I didn't realize I was supposed to check that. For the record,
    yes - I can log into the demo instance on Firefox from my workstation.
    For the sake of completeness, I checked with Konqueror also and can log
    in to the demo instance.

    Regards,
    Dan

    OK, so it seems that something is really broken on that server.
    Maybe it is easier to start over - up to you. If you want to continue
    troubleshooting we are here to help.

    --
    Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.

IT WORKS! WOOT!

In the steps of researching a small issue on another hypervisor, I discovered
that my underlying network, while operational, was not properly configured. The
IPA server and my workstation were supposed to be talking in VLAN 100 and 110,
respectively. The network is temporarily configured to route every packet it
receives to the proper VLAN, no matter where it originates.

My workstation is indeed on VLAN 110, and is tagging the packets appropriately.
The server, however, due to a bridge misconfiguration on the host, was on VLAN
1 and not sending tagged packets at all. But as the router is configured to
route all appropriate packets it appeared to be operating normally.

I blew away the network configuration on the host and rebuilt it again, this
time ensuring that VLAN 1 was not available on that switch port, and that the
packets leaving the host were tagged with VLAN 100. I brought the IPA server
back up and was able to log in.

So, chalk this one up to misrouted packets. I didn't even think to look there;
the 401 error gave no clue that networking may be the issue.

Regards,
Dan Mossor

Ugh, that one was nasty, I am glad you figured it out. Now that you know what the problem was, would you maybe have some general Troubleshooting advice to

http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI

that would help people like you uncover the root cause easier?

Thanks,
Martin
