I tried to dig a little on my problem where new accounts or passwords-reset accounts can no longer connect to the web UI.
Looking a /var/log/http.log:
for a user that fails (brand new account): [Tue Jul 10 13:46:20.536415 2018] [wsgi:error] [pid 1526] ipa: INFO: 401 Unauthorized: kinit: Generic preauthentication failure while getting initial credentials [Tue Jul 10 13:46:20.536605 2018] [wsgi:error] [pid 1526]
for a user that works: [Tue Jul 10 13:48:44.776366 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: i18n_messages(): SUCCESS [Tue Jul 10 13:48:44.783299 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: config_show(): SUCCESS [Tue Jul 10 13:48:44.945623 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: user_find(None, whoami=True, all=True): SUCCESS [Tue Jul 10 13:48:44.946730 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: env(None): SUCCESS [Tue Jul 10 13:48:44.956964 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: dns_is_enabled(): SUCCESS [Tue Jul 10 13:48:44.963362 2018] [wsgi:error] [pid 1527] ipa: INFO: karl@xxxxx.COM: batch: trustconfig_show(): NotFound ....
What should I look into next ?
Thanks.
Solved, cf my other thread.
freeipa-users@lists.fedorahosted.org