Hi Martin,

Good points

Web UI
Cannot authenticate to Web UI
   Make sure that the user can authenticate in CLI, e.g. with kinit $USER
   --> yes the user can ssh to FreeIPA hosts, and can call kinit without
   Make sure that httpd, dirsrv and ipa_memcached services on the affected
   FreeIPA server are running. --> httpd, slapd and memcached all running
   (proved by pgrep -l)
   Make sure there are no related SELinux AVCs -- SELinux is disabled
   Make sure that cookies are enabled on the client browser --> enabled
   Make sure that the time on the FreeIPA server is up to date and there is
   no (significant) clock skew (freeipa-users thread) --> no clock skew
   Search for any related errors in /var/log/httpd/error_log --> no errors


From:   Martin Kosek <mko...@redhat.com>
To:     Christopher Lamb/Switzerland/IBM@IBMCH,
Cc:     Alexander Bokovoy <aboko...@redhat.com>
Date:   02.02.2016 09:53
Subject:        Re: [Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your
            session has expired

On 02/02/2016 09:49 AM, Christopher Lamb wrote:
> Sorry, Notes is playing up, and sent the last before I could type any
> The POST /ipa/session/login_password is successful.
> but the POST /ipa/session/json  and  GET /ipa/session/login_kerberos both
> give 401 unathorized
> Chris

Just to make sure we have covered all possible pit holes we have already
gathered on our Troubleshooting page, did check all the advise in this list



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to