IPA Web GUI reports "Your session has expired. Please re-login"
Issue
IPA Web GUI reports "Your session has expired. Please re-login" when attempting to login as the admin or any unprivileged user.
ipa user-status reports "Insufficient access: Invalid credentials" for the user. For example:
# ipa user-status asmith
-----------------------
Account disabled: False
-----------------------
Server: tiger.linux.testdomain.com
Failed logins: 0
Last successful authentication: N/A
Last failed authentication: 20190717121903Z
Time now: 2019-09-16T13:25:23Z
Server: cheetah.linux.testdomain.com failed: Insufficient access: Invalid credentials
----------------------------
Number of entries returned 2
----------------------------
ldapsearch reports "Invalid credentials (49)". For example:
# kinit HTTP/cheetah.linux.testdomain.com -kt /var/lib/ipa/gssproxy/http.keytab
# ldapsearch -Y GSSAPI -b "" -s base
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
Environment
IPA 4.6
RHEL7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.