Hello, We are having issues with the web interface on our free-ipa servers. When we try and login to the GUI is reports that the session has timed out. We have checked the date and time is synced with NTP. We have restarted the IPA services and same issues occur. We have 4 Free-IPA servers all configured as masters, all 4 show the same web gui login issues. 3 of the servers replicate the database from the primary Free-IPA server which connects to the AD domain using winsync. We cannot upgrade to a newer version of Free-IPA and looking at previous mailing list entries version 4 has the same issues crop up. I have followed the steps that were suggested for version 4 and nothing is resolving the login issues to the WebGUI. We can administer the users and hosts from the command line without issues.
We also are seeing issues on one of the IPA servers that will not sync with the primary master server. When we try to force a sync we get an error "Update Failed! Status : [ -1 . LDAP server is not contactable", when we see expect to see "Update Successful". This appears after multiple "Update in progress" messages are shown ( the command we are using is "ipa-replica-manage re-initialize -from <primary master>" ). When we have the services running on the failing server it stops users being able to login into clients that authenticate from that failing Free-IPA server. Once we stop the IPA services on the failing server the issues clear up. If we use the "ipa user-status <username>" command we can see failed login attempts on the server we cannot re-initialize. These servers have been running for at least 6 months without any issues, so network ports between them are all open. Regards Stuart -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project