Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1511026 - IDM Web UI Fails with Error "Login failed for unknown reason"
Summary: IDM Web UI Fails with Error "Login failed for unknown reason"
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-08 15:04 UTC by aheverle
Modified: 2017-11-18 00:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-08 18:21:42 UTC


Attachments (Terms of Use)

Description aheverle 2017-11-08 15:04:21 UTC
Description of problem:
Unable to get to the login page for the IdM server. Upon submitting the the admin user name and password, I receive the following error:

Login failed for unknown reason

Version-Release number of selected component (if applicable):
ipa-server-4.5.0-21.el7_4.2.2.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Attempt to login to the web UI

Additional info:

[Tue Nov 07 14:53:03.906791 2017] [:error] [pid 25093] ipa: DEBUG: Initializing principal admin using password
[Tue Nov 07 14:53:03.906879 2017] [:error] [pid 25093] ipa: DEBUG: Using armor ccache /var/run/ipa/ccaches/armor_25093 for FAST webauth
[Tue Nov 07 14:53:03.906957 2017] [:error] [pid 25093] ipa: DEBUG: Using enterprise principal
[Tue Nov 07 14:53:03.907050 2017] [:error] [pid 25093] ipa: DEBUG: Starting external process
[Tue Nov 07 14:53:03.907108 2017] [:error] [pid 25093] ipa: DEBUG: args=/usr/bin/kinit admin -c /var/run/ipa/ccaches/kinit_25093 -T /var/run/ipa/ccaches/armor_25093 -E
[Tue Nov 07 14:53:03.927509 2017] [:error] [pid 25093] ipa: DEBUG: Process finished, return code=0
[Tue Nov 07 14:53:03.927585 2017] [:error] [pid 25093] ipa: DEBUG: stdout=Password for admin@EXAMPLE.LOCAL: 
[Tue Nov 07 14:53:03.927597 2017] [:error] [pid 25093] 
[Tue Nov 07 14:53:03.927640 2017] [:error] [pid 25093] ipa: DEBUG: stderr=
[Tue Nov 07 14:53:03.927741 2017] [:error] [pid 25093] ipa: DEBUG: Cleanup the armor ccache
[Tue Nov 07 14:53:03.927842 2017] [:error] [pid 25093] ipa: DEBUG: Starting external process
[Tue Nov 07 14:53:03.927894 2017] [:error] [pid 25093] ipa: DEBUG: args=/usr/bin/kdestroy -A -c /var/run/ipa/ccaches/armor_25093
[Tue Nov 07 14:53:03.933018 2017] [:error] [pid 25093] ipa: DEBUG: Process finished, return code=0
[Tue Nov 07 14:53:03.933092 2017] [:error] [pid 25093] ipa: DEBUG: stdout=
[Tue Nov 07 14:53:03.933143 2017] [:error] [pid 25093] ipa: DEBUG: stderr=
[Tue Nov 07 14:53:03.940663 2017] [:error] [pid 25093] ipa: INFO: 401 Unauthorized: [Errno 13] Permission denied

Comment 2 aheverle 2017-11-08 18:21:28 UTC
This turned out to be an issue of the customer hardening the system in several way, chief among them using a Trend Micro product called Deep Security Agent. Disabling this agent, making some of the security changes suggested by technical support and re-installing the IdM service, resolved the issue.


Note You need to log in before you can comment on or make changes to this bug.