[Freeipa-devel] Re: Freeipa-devel Digest, Vol 12, Issue 33

Mark Christiansen mwchristiansen at gmail.com
Mon May 19 19:15:40 UTC 2008


I fixed my problems with ipa* functions by modifying /etc/hosts so that my
FQDN entry is first, and the localhost entry is not first.  I am guessing
this is where most other people will have their problems.  Can we modify the
FAQ to include this recommendation?

I am having issues getting access to the web page outside of the machine
with freeipa installed.  Should I be able to get a ticket by accessing the
web interface?   In both IE and Firefox, I am unable to bring up any pages
after getting prompted.  In IE, it is blank, and in Firefox I get "Kerberos
authentication failed".  This is another noob question, but perhaps it will
be helpful for the FAQ.  My O'Reilly book on Kerberos is on its way.  :)

Thanks!

-Mark

On Mon, May 19, 2008 at 9:00 AM, <freeipa-devel-request at redhat.com> wrote:

>
> Today's Topics:
>
>   1. Re: freeIPA + Fedora 9 + xen ,    can't get passed ipa-finduser
>      admin (Rob Crittenden)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 19 May 2008 11:39:45 -0400
> From: Rob Crittenden <rcritten at redhat.com>
> Subject: Re: [Freeipa-devel] freeIPA + Fedora 9 + xen , can't get
>        passed ipa-finduser admin
> To: Jaakan Shorter <jaakanshorter at gmail.com>
> Cc: freeipa-devel at redhat.com
> Message-ID: <48319F41.7040707 at redhat.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Jaakan Shorter wrote:
> > here's an update ( I replaced the domain name with test )
> > let me know if you need anymore info
> >
> > ipa-server-install --uninstall
> > rm -f /var/kerberos/krb5kdc/kpasswd.keytab
> > stopped the kerberos service ( --uninstall switch didn't stop it. I
> > thought it should set it back to old state )
> > yum update ( 1.0.6 version came out over the weekend for FC-9 )
> > rebooted
> > ipa-server-install --setup-bind -N
>
> Yes, this should be fixed in the tip.
>
> [ snip ]
>
> > May 19 09:31:08 freeIPA.test.net krb5kdc[1758](info): set up 4 sockets
> > May 19 09:31:08 freeIPA.test.net krb5kdc[1759](info): commencing operation
> > May 19 09:32:02 freeIPA.test.net krb5kdc[1759](info): AS_REQ (7 etypes
> > {18 17 16 23 1 3 2}) 192.168.1.25: NEEDED_PREAUTH: admin at TEST.NET for
> > krbtgt/TEST.NET at TEST.NET, Additional pre-authentication required
> > May 19 09:32:24 freeIPA.test.net krb5kdc[1759](info): AS_REQ (7 etypes
> > {18 17 16 23 1 3 2}) 192.168.1.25: ISSUE: authtime 1211203944, etypes
> > {rep=18 tkt=18 ses=18}, admin at TEST.NET for krbtgt/TEST.NET at TEST.NET
> > May 19 09:32:54 freeIPA.test.net krb5kdc[1759](info): TGS_REQ (7
> > etypes {18 17 16 23 1 3 2}) 192.168.1.25: UNKNOWN_SERVER: authtime
> > 1211203944,  admin at TEST.NET for HTTP/freeipa.test.net at TEST.NET, Server
> > not found in Kerberos database
> > May 19 09:32:54 freeIPA.test.net krb5kdc[1759](info): TGS_REQ (7
> > etypes {18 17 16 23 1 3 2}) 192.168.1.25: UNKNOWN_SERVER: authtime
> > 1211203944,  admin at TEST.NET for HTTP/freeipa.test.net at TEST.NET, Server
> > not found in Kerberos database
>
> Service principals are created for the IPA servers at install time.
> There must be some (perhaps subtle) difference in what was created at
> install time and what it is trying to use.
>
> Try this command to see what service principals exist:
>
> $ ldapsearch -LLL -x -b "cn=kerberos,dc=test,dc=net" objectclass=krbPrincipalAux dn
>
> rob
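Added example (not part of the original thread, and not FreeIPA code): a small Python check that pulls the UNKNOWN_SERVER failures out of a krb5kdc log like the one quoted above and compares each requested service principal with the principals that actually exist, which is the comparison Rob's ldapsearch suggestion leads to. The log lines are a constructed sample modelled on the quoted log, and the principal list and function names are hypothetical.

```python
import re
from collections import Counter

# Matches a krb5kdc TGS_REQ entry that failed with UNKNOWN_SERVER.
UNKNOWN_SERVER = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(.*?\) (?P<ip>\S+): UNKNOWN_SERVER: "
    r"authtime \d+,\s+(?P<client>\S+) for (?P<service>[^,\s]+),")

# Constructed sample: modelled on the log quoted above, one entry per line,
# with the archive's " at " written back as "@".
SAMPLE_LOG = [
    "May 19 09:32:24 freeIPA.test.net krb5kdc[1759](info): AS_REQ (7 etypes "
    "{18 17 16 23 1 3 2}) 192.168.1.25: ISSUE: authtime 1211203944, etypes "
    "{rep=18 tkt=18 ses=18}, admin@TEST.NET for krbtgt/TEST.NET@TEST.NET",
] + 2 * [
    "May 19 09:32:54 freeIPA.test.net krb5kdc[1759](info): TGS_REQ (7 etypes "
    "{18 17 16 23 1 3 2}) 192.168.1.25: UNKNOWN_SERVER: authtime 1211203944,  "
    "admin@TEST.NET for HTTP/freeipa.test.net@TEST.NET, "
    "Server not found in Kerberos database",
]

# Hypothetical principal list (an assumption), NOT taken from the thread.
KNOWN = {"krbtgt/TEST.NET@TEST.NET", "HTTP/freeIPA.test.net@TEST.NET",
         "ldap/freeIPA.test.net@TEST.NET"}

def unknown_services(lines):
    """Count UNKNOWN_SERVER failures per (client, requested service)."""
    hits = Counter()
    for line in lines:
        m = UNKNOWN_SERVER.search(line)
        if m:
            hits[(m["client"], m["service"])] += 1
    return hits

def classify(service, known):
    """Explain why a requested principal is missing; names are case-sensitive."""
    if service in known:
        return "present"
    folded = {p.lower(): p for p in known}
    if service.lower() in folded:
        return "case mismatch with " + folded[service.lower()]
    prefix = service.split("/", 1)[0] + "/"
    others = sorted(p for p in known if p.startswith(prefix))
    if others:
        return "host differs; same service exists as " + ", ".join(others)
    return "absent"

if __name__ == "__main__":
    for (client, service), n in unknown_services(SAMPLE_LOG).items():
        print(f"{n}x {client} -> {service}: {classify(service, KNOWN)}")
```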