[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] GSSAPI Failure


So ran out of ideas for where to look for errors. I've got the GSSAPI error with ipa tools and ldap tools.

[root ipaserver ~]# ipa-finduser admin
Connection to database failed: Invalid credentials: SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context

But the ipauser can login to ipaserver and ipaclient and get his home dir automounted.

Is it a dead end?

Are there any methods to add users/groups to ldap and kerberos consistently without ipa tools?

Best regards,


Kozlov wrote:
Simo Sorce пишет:
On Tue, 2008-11-11 at 17:10 +0300, Konstantin Kozlov wrote:
I suspect that the system was unhappy with rc4-hmac in ipa-getkeytab command as it is not listed in supported enctypes. Is it possible?

Does not seem likely.
Do you have problems only on the Windows box? Or on any client including
the IPA server ?


WinXP never worked for me yet. I've got GSSAPI error on ipaserver - Fedora9 and ipaclient CentOS 5. It makes webgui and ipa tools unusable but surprisingly logging in with ipauser and automounting the home dir still work on ipaserver. I've failed to configure automounter on ipaclient.

I've tried to change the in krb5.conf to ipaserver.example.com but it didn't help.


Freeipa-users mailing list
Freeipa-users redhat com

Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.

Tel./fax: +7 812 596 2831

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]