I have been investigating this problem on our cluster for countless hours over
the past week, and am no closer to a solution. Just wanted to see if anyone has
some insight.
Recently, something in the FreeIPA setup broke for what seems like no reason.
The symptoms are:
- WebUI no longer works, and trying to login with any account gives "Your
session has expired. Please log in again."
- None of the FreeIPA commands work ("ipa user-show" etc.), giving the error
"ipa: ERROR: Insufficient access: Invalid credentials"
- Scouring the logs from various different services shows error like
"authentication failure: GSSAPI Failure: gss_accept_sec_context" and
"Replication bind with GSSAPI auth failed: LDAP error 49 (Invalid credentials)
()"
I have tried "kinit admin" and it seems to work successfully. Manually
authenticating LDAP using the Directory Manager credentials also work. In
general, it seems that the connection between FreeIPA and LDAP (via GSSAPI?)
seems to be the cause of the problem.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
