Hi Martin, Good points
Web UI Cannot authenticate to Web UI Make sure that the user can authenticate in CLI, e.g. with kinit $USER --> yes the user can ssh to FreeIPA hosts, and can call kinit without error. Make sure that httpd, dirsrv and ipa_memcached services on the affected FreeIPA server are running. --> httpd, slapd and memcached all running (proved by pgrep -l) Make sure there are no related SELinux AVCs -- SELinux is disabled Make sure that cookies are enabled on the client browser --> enabled Make sure that the time on the FreeIPA server is up to date and there is no (significant) clock skew (freeipa-users thread) --> no clock skew Search for any related errors in /var/log/httpd/error_log --> no errors today Chris From: Martin Kosek <mko...@redhat.com> To: Christopher Lamb/Switzerland/IBM@IBMCH, email@example.com Cc: Alexander Bokovoy <aboko...@redhat.com> Date: 02.02.2016 09:53 Subject: Re: [Freeipa-users] Fw: [Centos7.2 Freeipa 4.2] browser : your session has expired On 02/02/2016 09:49 AM, Christopher Lamb wrote: > > > Sorry, Notes is playing up, and sent the last before I could type any text! > > The POST /ipa/session/login_password is successful. > > but the POST /ipa/session/json and GET /ipa/session/login_kerberos both > give 401 unathorized > > Chris Just to make sure we have covered all possible pit holes we have already gathered on our Troubleshooting page, did check all the advise in this list http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI ?
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project