[Freeipa-users] Server error with multiple clients joining domain simultaneously
David Zabner
david at cazena.com
Thu Jan 28 19:17:30 UTC 2016
I was guessing that it was a problem with mod_auth_gssapi and so I tried switching the auth method back to mod_auth_kerb which did not work. (although it is entirely possible that I did not switch it correctly)
I did it by changing the gssapi settings in /etc/httpd/conf.d/ipa.conf to:
<Location "/ipa">
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbServiceName HTTP
KrbAuthRealms $realm
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
KrbConstrainedDelegation on
Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html
</Location>
It just seemed to cause other problems...
On Jan 28, 2016, at 1:44 PM, Izzo, Anthony <aizzo01 at harris.com<mailto:aizzo01 at harris.com>> wrote:
I should add that some of my team members have tried serializing their instance launches, and this problem does not seem to occur under those circumstances. (That’s not a solution, just a data point for those interested in this behavior). Thanks.
From: Izzo, Anthony (U.S. Person)
Sent: Thursday, January 28, 2016 1:35 PM
To: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
Cc: 'David Zabner' <david at cazena.com<mailto:david at cazena.com>>
Subject: RE: [Freeipa-users] Server error with multiple clients joining domain simultaneously
Yes, that’s it!
From: David Zabner [mailto:david at cazena.com]
Sent: Thursday, January 28, 2016 1:31 PM
To: Izzo, Anthony (U.S. Person) <aizzo01 at harris.com<mailto:aizzo01 at harris.com>>
Cc: freeipa-users at redhat.com<mailto:freeipa-users at redhat.com>
Subject: Re: [Freeipa-users] Server error with multiple clients joining domain simultaneously
This sounds exactly like the problem I am having. I will attach my error log. Is this what yours looks like?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160128/808e4712/attachment.htm>
More information about the Freeipa-users
mailing list