[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] GSSAPI Failure



Well, during the last day I've reinstalled ipaserver (Fedora 9) and ipaclient (CentOS 5). It worked for about 15 min :). I've added one user, nfs, cifs and host principals, automounter schema and principal for winxp host with rc4-hmac encryption. Automounter worked, I could login to ipaserver with ipauser and had the home dir automounted. Then "suddenly" I've started to get the same error.

I have one master - ipaserver on Fedora 9
and one client on CentOS 5 with recompiled srpms from RHEL.

rpm on Fedora are all updated (may be this is bad?)

Kerberos works, I can get tickets for admin and ipauser.

Do you have any ideas?

May be its better to go for git ipa on CentOS?

Best regards,

Kostya

Simo Sorce wrote:
On Mon, 2008-11-10 at 16:53 +0300, Konstantin Kozlov wrote:
Hello,

I have the following problem.

On the ipaserver after reboot I get the following error:

# kinit admin
# ipa-finduser admin
Connection to database failed: Invalid credentials: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

However it is possible to login to ipaclient with ipauser.

Do you have multiple masters ?

Before reboot it worked.

Does anybody have any ideas what is wrong?

Is krb5kdc up and runnig ?
What do you see in /var/log/krb5kdc.log ?

Simo.



--
Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.

Tel./fax: +7 812 596 2831


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]