All IPA services work else than IPA UI login. For Admin account it throws the error
"Your session has expired. Please re-login."
# cat /var/log/httpd/error_log | grep error
[Mon Nov 04 03:30:57.855012 2019] [:error] [pid 26165] ipa: INFO: Starting new HTTP
connection (1):
ipaserver.home.mydomain.com
[Mon Nov 04 03:30:57.858643 2019] [:error] [pid 26165] ipa: INFO: Starting new HTTPS
connection (1):
ipaserver.home.mydomain.com
[Mon Nov 04 04:14:57.945806 2019] [:error] [pid 31576] ipa: INFO: *** PROCESS START ***
[Mon Nov 04 04:14:57.973073 2019] [:error] [pid 31579] ipa: INFO: *** PROCESS START ***
[Mon Nov 04 04:14:57.977523 2019] [:error] [pid 31578] ipa: INFO: *** PROCESS START ***
[Mon Nov 04 04:14:57.993765 2019] [:error] [pid 31577] ipa: INFO: *** PROCESS START ***
[Mon Nov 04 04:15:26.343676 2019] [:error] [pid 31578] ipa: INFO: Starting new HTTP
connection (1):
ipaserver.home.mydomain.com
[Mon Nov 04 04:15:26.347563 2019] [:error] [pid 31578] ipa: INFO: Starting new HTTPS
connection (1):
ipaserver.home.mydomain.com
# kinit admin
Password for admin(a)MYDOMAIN.COM:
# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin(a)MYDOMAIN.COM
Valid starting Expires Service principal
11/04/2019 04:39:36 11/05/2019 04:39:23 krbtgt/MYDOMAIN.COM(a)MYDOMAIN.COM
# ipa -v ping
ipa: INFO: trying
https://ipaserver.home.mydomain.com/ipa/json
ipa: INFO: [try 1]: Forwarding 'schema' to json server
'https://ipaserver.home.mydomain.com/ipa/json'
ipa: INFO: trying
https://ipaserver.home.mydomain.com/ipa/session/json
ipa: INFO: [try 1]: Forwarding 'ping/1' to json server
'https://ipaserver.home.mydomain.com/ipa/session/json'
-------------------------------------------
IPA server version 4.6.5. API version 2.231
-------------------------------------------
# kinit -kt /var/lib/ipa/gssproxy/http.keytab http(a)MYDOMAIN.COM
kinit: Keytab contains no suitable keys for http(a)MYDOMAIN.COM while getting initial
credentials
# kinit -kt /var/lib/ipa/gssproxy/http.keytab HTTP/ipaserver.home.mydomain.com
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_jTRWw54
Default principal: HTTP/ipaserver.home.mydomain.com(a)MYDOMAIN.COM
Valid starting Expires Service principal
11/04/2019 04:42:26 11/05/2019 04:42:26 krbtgt/MYDOMAIN.COM(a)MYDOMAIN.COM
Can someone please help me with what might me the issue?
Any suggestions?
PS: I have already restarted restart krb5kdc,sssd & httpd services.
Thanks in advance,
Saurabh Garg