Any guesses as to why I couldn’t revert to using the mod_auth_kerb library? It seems like this is the only place where the library is referenced one way or the other…
Thanks for all your help. > On Jan 29, 2016, at 6:35 AM, Petr Spacek <pspa...@redhat.com> wrote: > > Interesting, we have to investigate it! > > Here is a ticket: > https://fedorahosted.org/freeipa/ticket/5653 > > You can Cc yourself to it and watch the progress. > > Petr^2 Spacek > > On 28.1.2016 20:17, David Zabner wrote: >> I was guessing that it was a problem with mod_auth_gssapi and so I tried >> switching the auth method back to mod_auth_kerb which did not work. >> (although it is entirely possible that I did not switch it correctly) >> >> I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to: >> <Location "/ipa"> >> AuthType Kerberos >> AuthName "Kerberos Login" >> KrbMethodNegotiate on >> KrbMethodK5Passwd off >> KrbServiceName HTTP >> KrbAuthRealms $realm >> Krb5KeyTab /etc/httpd/conf/ipa.keytab >> KrbSaveCredentials on >> KrbConstrainedDelegation on >> Require valid-user >> ErrorDocument 401 /ipa/errors/unauthorized.html >> </Location> >> It just seemed to cause other problems... >> >> On Jan 28, 2016, at 1:44 PM, Izzo, Anthony >> <aizz...@harris.com<mailto:aizz...@harris.com>> wrote: >> >> I should add that some of my team members have tried serializing their >> instance launches, and this problem does not seem to occur under those >> circumstances. (That’s not a solution, just a data point for those >> interested in this behavior). Thanks. >> >> >> From: Izzo, Anthony (U.S. Person) >> Sent: Thursday, January 28, 2016 1:35 PM >> To: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> >> Cc: 'David Zabner' <da...@cazena.com<mailto:da...@cazena.com>> >> Subject: RE: [Freeipa-users] Server error with multiple clients joining >> domain simultaneously >> >> Yes, that’s it! >> >> From: David Zabner [mailto:da...@cazena.com] >> Sent: Thursday, January 28, 2016 1:31 PM >> To: Izzo, Anthony (U.S. Person) >> <aizz...@harris.com<mailto:aizz...@harris.com>> >> Cc: freeipa-users@redhat.com<mailto:freeipa-users@redhat.com> >> Subject: Re: [Freeipa-users] Server error with multiple clients joining >> domain simultaneously >> >> This sounds exactly like the problem I am having. I will attach my error >> log. Is this what yours looks like? >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >> >> > > > -- > Petr^2 Spacek > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
