Hi,
I have run it on Macosx and RHEL6.2, firefox and chrome, safari wont connect but thats a safari issue Im sure. After running "kinit admin" I find the kerberos ticket expires about 24 hours later so you have to renew? What you can do if it simply wont work is get IPA to fall back to asking for a password, which is what I have had to set for Windows 7 firefox users. It might depend on which version of firefox, 3 and 10 do work......I think RH say firefox 10 is the long term supported version for them so I'd run that at least. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________ From: [email protected] [[email protected]] on behalf of Chandan Kumar [[email protected]] Sent: Tuesday, 15 May 2012 9:25 a.m. To: [email protected] Cc: [email protected] Subject: Re: [Freeipa-users] Help regarding Basic FreeIPA setup System: Centos 6.2 IPA version : ipa-server-2.1.3-9.el6.x86_64 Thanks Chandan On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <[email protected]<mailto:[email protected]>> wrote: On 05/14/2012 05:09 PM, Chandan Kumar wrote: I am a newbie in IPA and was experimenting it on my couple of VMs before considering it for production level. Installation went fine, however, I am getting the kerberos key expiration error at firefox. I am running firefox on the same machine where I have installed/configured ipa-server. On googling and some help in IRC I checked documentation to trouble shoot it as this appear to be a known problem. Moreover, I did follow http://freeipa.org/page/InstallAndDeploy http://freeipa.org/page/TroubleshootingGuide Fire fox logs 1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] -1977841888[7fc789f5b040]: using REQ_DELEGATE -1977841888[7fc789f5b040]: service = ipaserver.example.com<http://ipaserver.example.com> -1977841888[7fc789f5b040]: using negotiate-gss -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI() -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init() -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken() -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information SPNEGO cannot find mechanisms to negotiate -1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] [root@ds var]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected]<mailto:[email protected]> Valid starting Expires Service principal 05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/[email protected]<mailto:[email protected]> 05/14/12 13:53:58 05/15/12 13:50:30 HTTP/[email protected]<mailto:[email protected]> 05/14/12 13:54:13 05/15/12 13:50:30 ldap/[email protected]<mailto:[email protected]> [root@ds var]# Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin at http://fpaste.org/9hXX/ I am not sure what I am missing though. Appreciate any help. Thanks Chandan Are you running FF on windows? Which version of IPA are you using? _______________________________________________ Freeipa-users mailing list [email protected]<mailto:[email protected]> https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/> _______________________________________________ Freeipa-users mailing list [email protected]<mailto:[email protected]> https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
