We are having issues with the web interface on our free-ipa servers. When we
try and login to the GUI is reports that the session has timed out. We have
checked the date and time is synced with NTP. We have restarted the IPA
services and same issues occur. We have 4 Free-IPA servers all configured as
masters, all 4 show the same web gui login issues. 3 of the servers replicate
the database from the primary Free-IPA server which connects to the AD domain
using winsync. We cannot upgrade to a newer version of Free-IPA and looking at
previous mailing list entries version 4 has the same issues crop up. I have
followed the steps that were suggested for version 4 and nothing is resolving
the login issues to the WebGUI. We can administer the users and hosts from the
command line without issues.
We also are seeing issues on one of the IPA servers that will not sync with the
primary master server. When we try to force a sync we get an error "Update
Failed! Status : [ -1 . LDAP server is not contactable", when we see expect to
see "Update Successful".
This appears after multiple "Update in progress" messages are shown ( the
command we are using is "ipa-replica-manage re-initialize -from <primary
master>" ). When we have the services running on the failing server it stops
users being able to login into clients that authenticate from that failing
Free-IPA server. Once we stop the IPA services on the failing server the issues
If we use the "ipa user-status <username>" command we can see failed login
attempts on the server we cannot re-initialize.
These servers have been running for at least 6 months without any issues, so
network ports between them are all open.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project