Hi Striker,

the output of error_log when trying to login is:

[Wed May 22 22:43:50.791861 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: Starting new HTTP connection (1): ipa3.roth.net:80
[Wed May 22 22:43:50.807169 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: http://ipa3.roth.net:80 "GET /ipa/session/cookie HTTP/1.1" 301 250
[Wed May 22 22:43:50.835158 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: Starting new HTTPS connection (1): ipa3.roth.net:443
[Wed May 22 22:43:50.959893 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.178.:43548] ipa: DEBUG: https://ipa3.roth.net:443 "GET /ipa/session/cookie HTTP/1.1" 200 0
[Wed May 22 22:43:51.040332 2019] [wsgi:error] [pid 21730:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: WSGI wsgi_dispatch.__call__:
[Wed May 22 22:43:51.042095 2019] [wsgi:error] [pid 21730:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: WSGI jsonserver_session.__call__:
[Wed May 22 22:43:51.043798 2019] [wsgi:error] [pid 21730:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: no ccache, need login
[Wed May 22 22:43:51.046018 2019] [wsgi:error] [pid 21730:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: 401 Unauthorized need login
[Wed May 22 22:43:51.086133 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: WSGI wsgi_dispatch.__call__:
[Wed May 22 22:43:51.088151 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: WSGI KerberosLogin.__call__:
[Wed May 22 22:43:51.089993 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: no ccache, need login
[Wed May 22 22:43:51.092056 2019] [wsgi:error] [pid 21731:tid 2937889584] [remote 192.168.1.22:43548] ipa: DEBUG: 401 Unauthorized need login



Markus Roth

Striker Leggette <striker@terranforge.com> hat am 22. Mai 2019 um 22:12 geschrieben:

Hi,

Create the file /etc/ipa/server.conf if it is not made:

  # touch /etc/ipa/server.conf

Then, edit it so that it has debugging:

[global]
debug=True

Then, restart Apache:

  # systemctl restart httpd

After, reproduce the login failure. Once that is done, check the output of /var/log/httpd/ access_log and error_log.

Striker

On 05/22/2019 03:53 PM, Markus Roth via FreeIPA-users wrote:

Hello all,

I installed a freeipa server (ipa1) and two replicas (ipa2, ipa3).

When I login at the Web-UI on ipa3 I get the message "Your session has expired. Please log in again." I checked the time on ipa3 and the client. It is the same time. Login on the other ipa servers is possible.

Has anybody a hint to solve this problem?


Markus Roth



_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org