On Fri, Mar 6, 2015 at 1:53 PM, Martin Kosek <mko...@redhat.com> wrote:

> On 03/06/2015 05:59 PM, Dan Mossor wrote:
>> In the steps of researching a small issue on another hypervisor, I
>> discovered
>> that my underlying network, while operational, was not properly
>> configured. The
>> IPA server and my workstation were supposed to be talking in VLAN 100 and
>> 110,
>> respectively. The network is temporarily configured to route every packet
>> it
>> receives to the proper VLAN, no matter where it originates.
>> My workstation is indeed on VLAN 110, and is tagging the packets
>> appropriately.
>> The server, however, due to a bridge misconfiguration on the host, was on
>> 1 and not sending tagged packets at all. But as the router is configured
>> to
>> route all appropriate packets it appeared to be operating normally.
>> I blew away the network configuration on the host and rebuilt it again,
>> this
>> time ensuring that VLAN 1 was not available on that switch port, and that
>> the
>> packets leaving the host were tagged with VLAN 100. I brought the IPA
>> server
>> back up and was able to log in.
>> So, chalk this one up to misrouted packets. I didn't even think to look
>> there,
>> the 401 error gave no clue that networking may be the issue.
>> Regards,
>> Dan Mossor
> Ugh, that one was nasty, I am glad you figured it out. Now, when you know
> what was the problem, would you maybe have some general Troubleshooting
> advice to
> http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
> that would help people like you uncover the root cause easier?
> Thanks,
> Martin

I would love to. Let me think on an effective method to target networking
issues, and I'll write something up for the wiki.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to