rancher: Kubectl error "You must be logged in to the server"

SURE-3029 SURE-3609 SURE-3394

Hi everyone!

What kind of request is this (question/bug/enhancement/feature request):

Question or bug

Steps to reproduce (least amount of steps as possible):

  1. Add an LDAP user (FreeIPA) to a project (owner, member …)
  2. Launch the kubectl command (through the Rancher UI or using the kubeconfig file): it must work
  3. After 24 hours, when the user executes a kubectl command, the following error is displayed:
error: You must be logged in to the server (the server has asked for the client to provide credentials)

Result: error: You must be logged in to the server (the server has asked for the client to provide credentials)

Other details that may be helpful:

  • LDAP authentication: FreeIPA
  • Certificates signed by an internal PKI (the CA cert is imported during IPA connector configuration)
  • Rancher upgraded from 2.1.8 to 2.4.5
  • Problem still exists with a Rancher 2.4.5 fresh install
  • Identified workaround: the user has to delete his tokens to regenerate them when he gets his new kubeconfig file
  • No problem with local users

Environment information

  • Rancher version (rancher/rancher/rancher/server image tag or shown bottom left in the UI): Rancher 2.4.5
  • Installation option (single install/HA): Single Install

Cluster information

  • Cluster type (Hosted/Infrastructure Provider/Custom/Imported): vSphere cluster
  • Machine type (cloud/VM/metal) and specifications (CPU/memory): Virtual Machines
  • Kubernetes version (use kubectl version): v1.18.3
  • Docker version (use docker version): 19.3.11

Thank you for your help!

Nicolas

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 2
  • Comments: 19 (3 by maintainers)

Most upvoted comments

Identified workaround: the user has to delete his tokens to regenerate them when he gets his new kubeconfig file

definitely helped me 😉

Hmm, forgot to write back here - but even after upgrading to 2.5.12 we kept running into the issue. But then I got the idea of giving privs directly to individual users instead of via LDAP groups - and the issues disappeared!

This was solved in 2.5.12 and 2.6.3, and we will reopen if we see it again.

Has anyone experienced this issue with 2.6.3?

I’m thinking that this is caused by an integer overflow in v2.5 of the go-ldap package. We use that version in Rancher up until 2.6.3, where we use v3.4. v3.4 has a larger destination int (there’s still potential for overflow, but the result code would have to be substantially higher), so the overflows shouldn’t happen (according to IANA, 4096 is the current highest error code, so uint16 should be sufficient).

The reasoning here is that, because of this overflow, Rancher isn’t seeing the errors, so it’s disabling the kubeconfig tokens (since it thinks that the errored searches indicate that the user lost access). It would help to know if people are still experiencing the issue on 2.6.3, as that would indicate the issue is elsewhere.
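As an added illustration of the hypothesis in the comment above (this is not Rancher or go-ldap code): a small Go model of what happens when an LDAP result code is stored in an integer narrower than the wire value, and of a token-refresh policy that then mistakes the hidden error for a user losing access. The 8- and 16-bit widths, the code 4096 and the `Refresh` policy are assumptions made for the demonstration, not Rancher's actual refresh logic.

```go
package main

// RFC 4511 result codes used below. ResultHighCode is a constructed stand-in for
// a high server-specific code (the comment cites 4096 as the IANA maximum).
const (
	ResultSuccess            int64 = 0
	ResultInvalidCredentials int64 = 49
	ResultHighCode           int64 = 4096
)

// TokenDecision is the outcome of the LDAP re-validation behind a token refresh.
type TokenDecision string

const (
	KeepTokens    TokenDecision = "keep"
	DisableTokens TokenDecision = "disable"
	Retry         TokenDecision = "retry-later"
)

// narrowCode models the narrowing the comment describes: Go truncates silently,
// so 4096 (0x1000) becomes 0 ("success") in 8 bits but survives in 16 bits.
func narrowCode(code int64, bits uint) int64 {
	switch bits {
	case 8:
		return int64(uint8(code))
	case 16:
		return int64(uint16(code))
	}
	return code
}

// decide is the policy as the comment describes it: a reported error leaves the
// tokens alone, but "success with zero entries" is read as the user losing access.
func decide(reportedCode int64, entries int) TokenDecision {
	if reportedCode != ResultSuccess {
		return Retry
	}
	if entries == 0 {
		return DisableTokens
	}
	return KeepTokens
}

// Refresh applies the policy to a code stored at the given width: with 8 bits a
// failed search (code 4096, no entries) looks exactly like a revoked user.
func Refresh(wireCode int64, entries int, bits uint) TokenDecision {
	return decide(narrowCode(wireCode, bits), entries)
}
```

The same comparison is the check to run when triaging: if the client library reports success for a search whose raw result code on the wire is non-zero, the narrowing is the fault, not the directory.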