freeipa

Clone
Source Code
GIT

#6102 Cannot login to WebUI as user after migrating users
Closed: Invalid None Opened 8 years ago by pvomacka.

Closed: Invalid
Reopen Issue

Description of problem: [[BR]]
After migrating users from one freeIPA to another it is not possible to login into WebUI as user. Admin login works correctly.

Steps to reproduce: [[BR]]
1) Install two freeIPA servers[[BR]]
2) Create several users on the first one[[BR]]
3) Set passwords to these users[[BR]]
4) Use migrate-ds to migrate users to the second freeIPA[[BR]]
5) Try to login as migrated user[[BR]]
[[BR]]

Output of /var/log/httpd/error_log: 

[Thu Jul 21 16:34:04.326418 2016] [wsgi:error] [pid 41528] ipa: DEBUG: WSGI wsgi_dispatch.call:
[Thu Jul 21 16:34:04.326521 2016] [wsgi:error] [pid 41528] ipa: DEBUG: WSGI login_password.call:
[Thu Jul 21 16:34:04.326745 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Obtaining armor ccache: principal=HTTP/fipa2.example.com@FIPA2.EXAMPLE.COM keytab=/etc/httpd/conf/ipa.keytab ccache=/var/run/ipa_memcached/krbcc_A_t1
[Thu Jul 21 16:34:04.326838 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Initializing principal HTTP/fipa2.example.com@FIPA2.EXAMPLE.COM using keytab /etc/httpd/conf/ipa.keytab
[Thu Jul 21 16:34:04.326901 2016] [wsgi:error] [pid 41528] ipa: DEBUG: using ccache /var/run/ipa_memcached/krbcc_A_t1
[Thu Jul 21 16:34:04.328233 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Attempt 1/1: success
[Thu Jul 21 16:34:04.328493 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Initializing principal t1@FIPA2.EXAMPLE.COM using password
[Thu Jul 21 16:34:04.328549 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Using armor ccache /var/run/ipa_memcached/krbcc_A_t1 for FAST webauth
[Thu Jul 21 16:34:04.328653 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Starting external process
[Thu Jul 21 16:34:04.328717 2016] [wsgi:error] [pid 41528] ipa: DEBUG: args=/usr/bin/kinit t1@FIPA2.EXAMPLE.COM -c FILE:/var/run/ipa_memcached/krbcc_41528 -T /var/run/ipa_memcached/krbcc_A_t1
[Thu Jul 21 16:34:04.342275 2016] [wsgi:error] [pid 41528] ipa: DEBUG: Process finished, return code=1
[Thu Jul 21 16:34:04.342355 2016] [wsgi:error] [pid 41528] ipa: DEBUG: stdout=
[Thu Jul 21 16:34:04.342405 2016] [wsgi:error] [pid 41528] ipa: DEBUG: stderr=kinit: Password incorrect while getting initial credentials
[Thu Jul 21 16:34:04.342409 2016] [wsgi:error] [pid 41528] 
[Thu Jul 21 16:34:04.342602 2016] [wsgi:error] [pid 41528] ipa: INFO: 401 Unauthorized: kinit: Password incorrect while getting initial credentials
[Thu Jul 21 16:34:04.342609 2016] [wsgi:error] [pid 41528]

[[BR]]
Aditional info: There is another ticket which might be related to this one: #6101, but even correcting the krbCanonicalName value didn't help with log in into WebUI.

Please provide the output of krb5kdc.log too

Output of /var/log/krb5kdc.log after unsuccessful login:

Jul 25 13:07:05 fipa2.example.com krb5kdc[1005](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 10.34.58.63: CLIENT_NOT_FOUND: t1@FIPA2.EXAMPLE.COM for krbtgt/FIPA2.EXAMPLE.COM@FIPA2.EXAMPLE.COM, Client not found in Kerberos database
Jul 25 13:07:05 fipa2.example.com krb5kdc[1005](info): closing down fd 12

I tried it again (because of logs) on new and clean instalation of freeIPAs and it seems that everything works. So, I'm not sure whether it is actually a bug or invalid ticket.

closing according to reporter's comment

Metadata Update from @pvomacka:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
8 years ago

Log in to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
0
None
None
None
None
None
None
None
None
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.