On Wed, Feb 27, 2013 at 11:52:42AM +0100, Petr Spacek wrote: > On 27.2.2013 11:34, Jan-Frode Myklebust wrote: > > > >I have a similar problem getting a couple of RHEL 6.4 clients working > >with a 6.3 server (ipa-server-2.2.0-17.el6_3.1.x86_64). When doing the > >ipa-client-install I get: > > > > * gss_init_sec_context() failed: : Request is a replay< > > WWW-Authenticate: Negotiate > This is very suspicious. Could you double check time on all servers > and the client?
The cause of this problem was that the router ACL was dropping the kerberos return traffic from the ipa server. We had opening from client to ipa-server port 88/udp, but not from ipa-server 88/udp to client high port. -jf _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
