We are having issues with the web interface on our free-ipa servers. When we 
try and login to the GUI is reports that the session has timed out. We have 
checked the date and time is synced with NTP. We have restarted the IPA 
services and same issues occur. We have 4 Free-IPA servers all configured as 
masters, all 4 show the same web gui login issues.  3 of the servers replicate 
the database from the primary Free-IPA server which connects to the AD domain 
using winsync. We cannot upgrade to a newer version of Free-IPA and looking at 
previous mailing list entries version 4 has the same issues crop up. I have 
followed the steps that were suggested for version 4 and nothing is resolving 
the login issues to the WebGUI. We can administer the users and hosts from the 
command line without issues.

We also are seeing issues on one of the IPA servers that will not sync with the 
primary master server. When we try to force a sync we get an error "Update 
Failed! Status : [ -1 . LDAP server is not contactable", when we see expect to 
see "Update Successful". 
This appears after multiple  "Update in progress"  messages are shown   ( the 
command we are using is "ipa-replica-manage re-initialize -from <primary 
master>" ). When we have the services running on the failing server it stops 
users being able to login into clients that authenticate from  that failing 
Free-IPA server. Once we stop the IPA services on the failing server the issues 
clear up.
If we use the "ipa user-status <username>" command we can see failed login 
attempts on the server we cannot re-initialize.

These servers have been running for at least 6 months without any issues, so 
network ports between them are all open.



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to