when we upgrade ipa-server-4.9.12-9 to ipa-server-4.9.12-11 on RHEL 8, we can't login to web. the web give me message: “Your session has expired. Please log in again.”
we check the error_log [Thu Jan 18 21:56:42.535394 2024] [auth_gssapi:error] [pid 11025:tid 139639453087488] [client 118.184.176.67:30891] Failed to unseal session data!, referer: https://id1.netegn.com/ipa/xml [Thu Jan 18 21:56:43.113937 2024] [wsgi:error] [pid 11021:tid 139639621613312] [remote 118.184.176.67:30891] ipa: INFO: 401 Unauthorized: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty) [Thu Jan 18 21:56:43.611962 2024] [wsgi:error] [pid 11023:tid 139639621613312] [remote 118.184.176.67:30893] ipa: INFO: 401 Unauthorized: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Credential cache is empty) all three ipa server failed. we can't resolve the problem, we restore the snapshot and it recovery. we install RHEL 9.3 with ipa-server-4.10.2-5,set it as replicator of master ipa server, it has same problem. -- Peng Yong
-- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
