[Freeipa-users] Server - client mismatch has no progressed to 6.1 - httpd logs
Steven Jones
Steven.Jones at vuw.ac.nz
Thu May 26 20:30:52 UTC 2011
Hi,
Do I just assume ipa is broken for now and come back in some weeks?
regards
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 26 May 2011 3:55 p.m.
To: Rob Crittenden
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Server - client mismatch has no progressed to 6.1 - httpd logs
So what's next?
regards
==================
* Closing connection #0
[root at rhel61-test64ws01 jonesst1]#
[jonesst1 at 8KXL72S ~]$ more klist-out
[root at rhel61-test64ws01 jonesst1]# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at UNIX.VUW.AC.NZ
Valid starting Expires Service principal
05/26/11 08:33:56 05/27/11 08:33:49 krbtgt/UNIX.VUW.AC.NZ at UNIX.VUW.AC.NZ
Flags: FIA
[root at rhel61-test64ws01 jonesst1]#
==================
[root at rhel61-test64ws01 jonesst1]# curl -kv --negotiate -u : https://vuwunicoipamt01.unix.vuw.ac.nz/ipa/xml
* About to connect() to vuwunicoipamt01.unix.vuw.ac.nz port 443 (#0)
* Trying 130.195.87.236... connected
* Connected to vuwunicoipamt01.unix.vuw.ac.nz (130.195.87.236) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=vuwunicoipamt01.unix.vuw.ac.nz,O=UNIX.VUW.AC.NZ
* start date: May 23 04:36:22 2011 GMT
* expire date: May 23 04:36:22 2021 GMT
* common name: vuwunicoipamt01.unix.vuw.ac.nz
* issuer: CN=UNIX.VUW.AC.NZ Certificate Authority
> GET /ipa/xml HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: vuwunicoipamt01.unix.vuw.ac.nz
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Thu, 26 May 2011 01:22:26 GMT
< Server: Apache/2.2.15 (Red Hat)
* gss_init_sec_context() failed: : Server krbtgt/VUW.AC.NZ at UNIX.VUW.AC.NZ not found in Kerberos databaseWWW-Authenticate: Negotiate
< Last-Modified: Wed, 20 Apr 2011 13:57:02 GMT
< ETag: "a51-5de-4a159ffc36780"
< Accept-Ranges: bytes
< Content-Length: 1502
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>IPA: Identity Policy Audit</title>
<script type="text/javascript" src="../ui/jquery.js"></script>
<link rel="stylesheet" type="text/css" href="../ui/jquery-ui.css" />
<link rel="stylesheet" type="text/css" href="ipa_error.css" />
<script type="text/javascript">
$(document).ready(function() {
$("#import-cert-auth-link").click(function(){
$("#first-time").css("display","none");
$("#next-link").css("display","block");
return true;
});
});
});
</script>
</head>
<body id="header-bg">
<div class="container_1">
<div class="header-logo">
<img src="../ui/ipalogo.png" />
</div>
<div class="textblockkrb">
<h1>Unable to verify your Kerberos credentials.</h1><p> Please make sure that you have valid Kerberos tickets (obtainable via <b>kinit</b>), and that you have configured
your browser correctly. </p>
<b>If this is your first time</b>
<div id="first-time">
<ul>
<li><a id="import-cert-auth-link" href="/ipa/errors/ca.crt" >Click here to Import the IPA Certificate Authority</a>. </li>
<li>Make sure you select <b>all three</b> checkboxes </li>
<li>Click the <b>OK</b> Button</li>
</ul>
</div>
<div id="next-link" style="display:none;">
. <p> <a href="browserconfig.html"> Next Step:</a></p>
</div>
</div>
</div>
</body>
</html>
* Closing connection #0
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list