On 4/27/21 1:24 PM, Alexander Bokovoy wrote:
On ti, 27 huhti 2021, Harry G. Coin via FreeIPA-users wrote:
> After the recent freeipa upgrades on fedora, the reported "Server Error"
> blocking even the login screen.
>
> The logs were filled with such as:
>
> gssproxy {oid ...} Unspecified GSS failure. Minor code may provide
> more information, No credentials cache found
>
> Searches report the solution involved rebooting, checking keytab file
> access, etc. These didn't help.
>
> What resolved the problem was clearing the browser cookie / data cache.
Could you please explain with a bit more details? Are you talking about
login to IPA Web UI with browser?
What Fedora version? What upgrades you are talking about?
Yes. Your guesses were correct. Here are more details.
I was using firefox to log in to the freeipa web-ui on fedora 33
workstation. I was having the normal experiences using freeipa server
4.9.3-1 for the past several days. Three days or so ago I ran a typical
'dnf upgrade', which didn't appear to involve any core freeipa bits. I
didn't keep track of what other things got upgraded. The kernel was
upgraded, so I rebooted. I wish I tried to use the UI at that moment
but I did not. Maybe a day later I tried to log in using the web UI.
The response was "Server Error" offering a retry, which failed no matter
the number of retires. No matter how often I restarted gssapi,
kerberos, freeipa, and eventually rebooting the problem persisted. The
logs indicated the gssapi failure with the OID indicating a credentials
problem. I used the search engines to hunt for similar complaints and
resolutions. They all made reference to rebooting, existence and
security settings on keytabs, etc. None of that was correct. Simply
clearing the cache and cookies on the browser caused normal operations
to the UI to resume -- no changes to saved passwords or user names, etc.