[Freeipa-devel] GSSAPI Authorization error while trying to add a group
David O'Brien
david.obrien at redhat.com
Tue Nov 6 14:42:40 UTC 2007
Karl MacMillan wrote:
> On Tue, 2007-11-06 at 18:11 +1000, David O'Brien wrote:
>> Using freeipa-server from the 2007-11-05_10_07-build, I tried to add a
>> group:
>> Name: engineering
>> Description: all engineering dept. members
>>
>> and got the following:
>>
>> Group add failed: GSSAPI Authorization error
>> {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS
>> failure. Minor code may provide more information
>> (No such file or diectory)', 'desc':'Invalid credentials'}
>>
>> I'm logged in as admin. I'm trying to do this via the web interface.
>> haven't tried the commandline tools yet.
>>
>> I also tried with no description and got the same result. I didn't try
>> to add any members (haven't created any users yet).
>>
>> anyone else seen/tried this?
>>
>
> Do you verify that all your packages are updated as it says in
> http://freeipa.org/page/QuickInstall? Particularly PyKerberos and
> mod_auth_kerb.
>
> Are the client and server on the same host? What does hostname return?
>
> Can you search for users successfully?
>
> Os version / arch?
>
> Karl
>
>
ok, I should have read a bit further on the page and found info on GSS
failures :( I can successfully add a user from the command line.
haven't tried the web interface yet but suspect that will work. btw, why
are most of the commands ipa-<task><object> (e.g., ipa-adduser) except
for mod? They are ipa-groupmod and ipa-usermod?
The only thing I did different this time was apply the dirsrv patch. We
didn't do that in the initial "hand-holding" session so I guessed it was
"old". mod_auth_kerb was fine. Didn't see anything about PyKerberos...
At the moment I'm running only the server. I have another vm handy that
I'm going to put a client on. I prefer to test/document in some
semblance of a "real" environment.
mgregg helped me with initial hostname requirements so that part I've
got under control.
Currently on 32-bit F7.
thanks
--
/david
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071107/103d1b2c/attachment.sig>
More information about the Freeipa-devel
mailing list