On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <[email protected]> wrote:
> On 03/06/2015 02:38 AM, Dan Mossor wrote: > >> >> >> On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <[email protected] >> <mailto:[email protected]>> wrote: >> >> http://i.imgur.com/mhX86Ng.png >> >> It should show up if you do not have a ticket. Destroy the ticket on >> the >> client and try to access the server via browser, you should be >> redirected. >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> Ok then, that is the page that keeps returning. I've tried from this >> workstation using Konquerer, which does not support Kerberos, I've from >> from >> Internet Explorer on a Windows 7 Professional desktop, and I've tried >> from a >> Fedora 21 system that is not enrolled in the domain. I get the exact same >> response with every attempt. >> >> One additional step I attempted to take was to change the admin password >> on the >> IPA server. I am getting a ldap_sasl_interactive_bind_s: Unknown >> authentication >> method (-6) error back. >> >> I think this installation is hosed. I am ready to wipe and start over from >> scratch tomorrow. I've already wasted 16 hours on it. >> > > Sorry to hear that. But I think you should start taking gradual steps in > your testing and trying to make Web UI over GSSAPI work. I would suggest > this procedure: > > 1) Can I "kinit admin" and run CLI command ("ipa user-show admin")? If > yes, basic FreeIPA is functioning. Run kdestroy to get rid of Kerberos. > > 2) Can I login with form basic auth to my FreeIPA? If not, did you verify > all the items in http://www.freeipa.org/page/Troubleshooting#Cannot_ > authenticate_to_Web_UI ? Did you try logging with form based auth in > FreeIPA public demo for example (user "admin", password "Secret123"): > > https://ipa.demo1.freeipa.org/ipa/ui/ > > If not, we can dig further. If yes, you can continue with kinit + SSO for > the Web UI. > Martin, Dmitri, Thanks for your help, but I've taken every step available on the page you linked. I just checked this morning before I started over, and on the server I can kinit as admin and run ipa user-show admin. The ipa tools are not on my workstation. I then ran kdestroy on both the server and workstation, and the error remains when logging in to the web UI - it returns me to the screen I showed above in the link to the screenshot. Regards, Dan
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
