[Freeipa-users] Server error with multiple clients joining domain simultaneously

David Zabner david at cazena.com
Thu Jan 28 19:17:30 UTC 2016


I was guessing that it was a problem with mod_auth_gssapi, so I tried switching the auth method back to mod_auth_kerb, which did not work (although it is entirely possible that I did not switch it correctly).

I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to:
<Location "/ipa">
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd off
  KrbServiceName HTTP
  KrbAuthRealms $realm
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  KrbConstrainedDelegation on
  Require valid-user
  ErrorDocument 401 /ipa/errors/unauthorized.html
</Location>
It just seemed to cause other problems...

On Jan 28, 2016, at 1:44 PM, Izzo, Anthony <aizzo01 at harris.com> wrote:

I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances.  (That’s not a solution, just a data point for those interested in this behavior).  Thanks.


From: Izzo, Anthony (U.S. Person)
Sent: Thursday, January 28, 2016 1:35 PM
To: freeipa-users at redhat.com
Cc: 'David Zabner' <david at cazena.com>
Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously

Yes, that’s it!

From: David Zabner [mailto:david at cazena.com]
Sent: Thursday, January 28, 2016 1:31 PM
To: Izzo, Anthony (U.S. Person) <aizzo01 at harris.com>
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously

This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like?