[Freeipa-users] Help regarding Basic FreeIPA setup

Chandan Kumar chandank.kumar at gmail.com
Mon May 14 21:09:44 UTC 2012 

I am a newbie in IPA and was experimenting it on my couple of VMs before
considering it for production level.

Installation went fine, however, I am getting the kerberos key expiration
error at firefox. I am running firefox on the same machine where I have
installed/configured ipa-server. On googling and some help in IRC I checked
documentation to trouble shoot it as this appear to be a known problem.

Moreover, I did follow

http://freeipa.org/page/InstallAndDeploy
http://freeipa.org/page/TroubleshootingGuide

Fire fox logs

1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken [rv=80004005]
-1977841888[7fc789f5b040]:   using REQ_DELEGATE
-1977841888[7fc789f5b040]:   service = ipaserver.example.com
-1977841888[7fc789f5b040]:   using negotiate-gss
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
-1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
[challenge=Negotiate]
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
-1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS
failure.  Minor code may provide more information
SPNEGO cannot find mechanisms to negotiate
-1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]

[root at ds var]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM

Valid starting     Expires            Service principal
05/14/12 13:50:32  05/15/12 13:50:30  krbtgt/EXAMPLE.COM at EXAMPLE.COM
05/14/12 13:53:58  05/15/12 13:50:30  HTTP/ipaserver.example.com at EXAMPLE.COM
05/14/12 13:54:13  05/15/12 13:50:30  ldap/ipaserver.example.com at EXAMPLE.COM
[root at ds var]#

Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin

at http://fpaste.org/9hXX/

I am not sure what I am missing though. Appreciate any help.

Thanks
Chandan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120514/007df5c4/attachment.htm>

More information about the Freeipa-users mailing list