IPA Web GUI reports "Your session has expired. Please re-login"

Solution Verified - Updated -

Issue

IPA Web GUI reports "Your session has expired. Please re-login" when attempting to login as the admin or any unprivileged user.

ipa user-status reports "Insufficient access: Invalid credentials" for the user. For example:

# ipa user-status asmith
-----------------------
Account disabled: False
-----------------------
  Server: tiger.linux.testdomain.com
  Failed logins: 0
  Last successful authentication: N/A
  Last failed authentication: 20190717121903Z
  Time now: 2019-09-16T13:25:23Z

  Server: cheetah.linux.testdomain.com failed: Insufficient access:  Invalid credentials
----------------------------
Number of entries returned 2
----------------------------

ldapsearch reports "Invalid credentials (49)". For example:

# kinit HTTP/cheetah.linux.testdomain.com -kt /var/lib/ipa/gssproxy/http.keytab
# ldapsearch -Y GSSAPI -b "" -s base
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)

Environment

IPA 4.6
RHEL7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content