[Freeipa-users] Help regarding Basic FreeIPA setup
Chandan Kumar
chandank.kumar at gmail.com
Mon May 14 21:09:44 UTC 2012
I am a newbie in IPA and was experimenting it on my couple of VMs before
considering it for production level.
Installation went fine, however, I am getting the kerberos key expiration
error at firefox. I am running firefox on the same machine where I have
installed/configured ipa-server. On googling and some help in IRC I checked
documentation to trouble shoot it as this appear to be a known problem.
Moreover, I did follow
http://freeipa.org/page/InstallAndDeploy
http://freeipa.org/page/TroubleshootingGuide
Fire fox logs
1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005]
-1977841888[7fc789f5b040]: using REQ_DELEGATE
-1977841888[7fc789f5b040]: service = ipaserver.example.com
-1977841888[7fc789f5b040]: using negotiate-gss
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
-1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
[challenge=Negotiate]
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
-1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS
failure. Minor code may provide more information
SPNEGO cannot find mechanisms to negotiate
-1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]
[root at ds var]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM
Valid starting Expires Service principal
05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/EXAMPLE.COM at EXAMPLE.COM
05/14/12 13:53:58 05/15/12 13:50:30 HTTP/ipaserver.example.com at EXAMPLE.COM
05/14/12 13:54:13 05/15/12 13:50:30 ldap/ipaserver.example.com at EXAMPLE.COM
[root at ds var]#
Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
at http://fpaste.org/9hXX/
I am not sure what I am missing though. Appreciate any help.
Thanks
Chandan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120514/007df5c4/attachment.htm>
More information about the Freeipa-users
mailing list