[Freeipa-devel] freeipa and samba

Tue Feb 12 12:55:39 UTC 2008

On Mon, 2008-02-11 at 13:11 -0500, Simo Sorce wrote:

> Can you provide the error you get with Firefox ?

Ok, on the server:
krb5-devel-1.6.3-4.fc8.jnx
krb5-server-1.6.3-4.fc8.jnx
krb5-server-ldap-1.6.3-4.fc8.jnx
krb5-workstation-1.6.3-4.fc8.jnx
krb5-libs-1.6.3-4.fc8.jnx

These are rebuilt from the source RPM from Rawhide.

# curl -u : --negotiate -k https://xxx.xxx.com/ipatest/
KRB5CCNAME: FILE:/tmp/krb5cc_apache_iHWoIo<br>
HTTPS: on<br>
GATEWAY_INTERFACE: CGI/1.1<br>
SERVER_PROTOCOL: HTTP/1.1<br>
REQUEST_METHOD: GET<br>
QUERY_STRING: <br>
REQUEST_URI: /ipatest/<br>
SCRIPT_NAME: /ipatest/<br>
HTTP_USER_AGENT: curl/7.17.1 (i686-redhat-linux-gnu) libcurl/7.17.1
NSS/3.11.7.1 zlib/1.2.3 libidn/0.6.14<br>
HTTP_HOST: xxx.xxx.com<br>
HTTP_ACCEPT: */*<br>
PATH: /sbin:/usr/sbin:/bin:/usr/bin<br>
SERVER_SIGNATURE: <address>Apache/2.2.6 (Fedora) Server at xxx.xxx.com
Port 443</address>
<br>
SERVER_SOFTWARE: Apache/2.2.6 (Fedora)<br>
SERVER_NAME: xxx.xxx.com<br>
SERVER_ADDR: 192.168.1.2<br>
SERVER_PORT: 443<br>
REMOTE_ADDR: 192.168.1.2<br>
DOCUMENT_ROOT: /var/www/html<br>
SERVER_ADMIN: root at localhost<br>
SCRIPT_FILENAME: /usr/share/ipa/ipatest/<br>
REMOTE_PORT: 59159<br>
REMOTE_USER: admin at XXX.COM<br>
AUTH_TYPE: Negotiate<br>
KRB5CCNAME is FILE:/tmp/krb5cc_apache_iHWoIo<br>
Sucessfully bound to LDAP using SASL mechanism GSSAPI<br>

with firefox:
KRB5CCNAME: FILE:/tmp/krb5cc_apache_bpP78u 
HTTPS: on 
GATEWAY_INTERFACE: CGI/1.1 
SERVER_PROTOCOL: HTTP/1.1 
REQUEST_METHOD: GET 
QUERY_STRING: 
REQUEST_URI: /ipatest/ 
SCRIPT_NAME: /ipatest/ 
HTTP_HOST: xxx.xxx.com 
HTTP_USER_AGENT: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10 
HTTP_ACCEPT: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 
HTTP_ACCEPT_LANGUAGE: en-us,en;q=0.5 
HTTP_ACCEPT_ENCODING: gzip,deflate 
HTTP_ACCEPT_CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
HTTP_KEEP_ALIVE: 300 
HTTP_CONNECTION: keep-alive 
PATH: /sbin:/usr/sbin:/bin:/usr/bin 
SERVER_SIGNATURE: <address>Apache/2.2.6 (Fedora) Server at xxx.xxx.com Port 443</address>
 
SERVER_SOFTWARE: Apache/2.2.6 (Fedora) 
SERVER_NAME: xxx.xxx.com 
SERVER_ADDR: 192.168.1.2 
SERVER_PORT: 443 
REMOTE_ADDR: 192.168.1.2 
DOCUMENT_ROOT: /var/www/html 
SERVER_ADMIN: root at localhost 
SCRIPT_FILENAME: /usr/share/ipa/ipatest/ 
REMOTE_PORT: 59165 
REMOTE_USER: admin at XXX.COM 
AUTH_TYPE: Negotiate 
KRB5CCNAME is FILE:/tmp/krb5cc_apache_bpP78u 
Error using SASL mechanism GSSAPI {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No credentials cache found)', 'desc': 'Local error'}