On Wed, Feb 27, 2013 at 10:42:49AM +0100, Petr Spacek wrote:
> >
> >
> >< HTTP/1.1 401 Authorization Required
> >< Date: Tue, 26 Feb 2013 16:54:21 GMT
> >< Server: Apache/2.2.15 (CentOS)
> >* gss_init_sec_context() failed: : Server krbtgt/[email protected] not found
> >in Kerberos database< WWW-Authenticate: Negotiate
I have a similar problem getting a couple of RHEL 6.4 clients working
with a 6.3 server (ipa-server-2.2.0-17.el6_3.1.x86_64). When doing the
ipa-client-install I get:
* gss_init_sec_context() failed: : Request is a replay<
WWW-Authenticate: Negotiate
I have a ticket opened with RH-support for this (00796525), so I hope
to get it fixed that way soonish.. but -- one strange thing about my
problem is that I can't even get sssd working if I do a manual
enrollment. I've tried doing ipa host-add, ipa host-add-managedby,
ipa-getkeytab on the ipa-server, transferred the keytab, but still
sssd fails to work. To get sssd working on this machine I had to
configure an LDAP backend against the ipa-servers, without
"ldap_sasl_mech=GSSAPI".
Is there a simple way to verify that the hosts keytab is OK?
"klist -k -t -K FILE:/etc/krb5.keytab" works fine, but I'd
like to test it against the ipa-server.
-jf
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
