<html dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style> </head> <body ocsi="0" fpstyle="1"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">Hi,<br> <br> For me it sounds like you have not configured firefox to use IPA or centos is missing a package/rpm. What strikes me as strange is you should get pop ups telling/helping you do it.....just following them make sit easy.<br> <br> If you have and it just wont work, I suggest moving to password authentication to get you past that problem so you can get on with testing. <br> <div><br> <div style="font-family: Tahoma; font-size: 13px;"> <p>regards</p> <p>Steven Jones</p> <p>Technical Specialist - Linux RHCE</p> <p>Victoria University, Wellington, NZ</p> <p>0064 4 463 6272<br> </p> </div> </div> <div style="font-family: Times New Roman; color: rgb(0, 0, 0); font-size: 16px;"> <hr tabindex="-1"> <div style="direction: ltr;" id="divRpF838516"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Chandan Kumar [chandank.kumar@gmail.com]<br> <b>Sent:</b> Wednesday, 16 May 2012 2:35 a.m.<br> <b>To:</b> Steven Jones<br> <b>Cc:</b> freeipa-users@redhat.com<br> <b>Subject:</b> Help regarding Basic FreeIPA setup<br> </font><br> </div> <div></div> <div>Hi, <div>I am running the default Firefox that comes with centos 6.2 . I guess that Whatever time I do kinit it just does not working for me even for single time.<span></span></div> <div><br> </div> <div>Also it shows as that I am logged in as user@freeipa.org.... In the main back ground web page. Not sure whether it's relevant with this error.<br> <br> On Monday, 14 May 2012, Steven Jones wrote:<br> <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"> <div> <div style="direction: ltr; font-size: 10pt; font-family: Tahoma;"> <p>Hi,</p> <p> </p> <p>I have run it on Macosx and RHEL6.2, firefox and chrome, safari wont connect but thats a safari issue Im sure. </p> <p> </p> <p>After running "kinit admin" I find the kerberos ticket expires about 24 hours later so you have to renew? What you can do if it simply wont work is get IPA to fall back to asking for a password, which is what I have had to set for Windows 7 firefox users.</p> <p> </p> <p>It might depend on which version of firefox, 3 and 10 do work......I think RH say firefox 10 is the long term supported version for them so I'd run that at least.</p> <div> <p> </p> <div style="font-family: Tahoma; font-size: 13px;"> <p>regards</p> <p>Steven Jones</p> <p>Technical Specialist - Linux RHCE</p> <p>Victoria University, Wellington, NZ</p> <p>0064 4 463 6272<br> </p> </div> </div> <div style="font-size: 16px; font-family: Times New Roman;"> <hr> <div style="direction: ltr;"><font face="Tahoma" color="#000000"><b>From:</b> <a> freeipa-users-bounces@redhat.com</a> [<a>freeipa-users-bounces@redhat.com</a>] on behalf of Chandan Kumar [<a>chandank.kumar@gmail.com</a>]<br> <b>Sent:</b> Tuesday, 15 May 2012 9:25 a.m.<br> <b>To:</b> <a>dpal@redhat.com</a><br> <b>Cc:</b> <a>freeipa-users@redhat.com</a><br> <b>Subject:</b> Re: [Freeipa-users] Help regarding Basic FreeIPA setup<br> </font><br> </div> <div></div> <div><br> System: Centos 6.2 <br> IPA version : ipa-server-2.1.3-9.el6.x86_64<br> <br> <br clear="all"> Thanks<br> Chandan<br> <br> <br> <br> <br> <br> <div class="gmail_quote">On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <span dir="ltr"> <<a>dpal@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;"> <u></u> <div bgcolor="#ffffff"> <div> <div>On 05/14/2012 05:09 PM, Chandan Kumar wrote: <blockquote type="cite">I am a newbie in IPA and was experimenting it on my couple of VMs before considering it for production level.<br> <br> Installation went fine, however, I am getting the kerberos key expiration error at firefox. I am running firefox on the same machine where I have installed/configured ipa-server. On googling and some help in IRC I checked documentation to trouble shoot it as this appear to be a known problem. <br> <br> Moreover, I did follow<br> <br> <a href="http://freeipa.org/page/InstallAndDeploy" target="_blank">http://freeipa.org/page/InstallAndDeploy</a><br> <a href="http://freeipa.org/page/TroubleshootingGuide" target="_blank">http://freeipa.org/page/TroubleshootingGuide</a><br> <br> Fire fox logs<br> <br> 1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005]<br> -1977841888[7fc789f5b040]: using REQ_DELEGATE<br> -1977841888[7fc789f5b040]: service = <a href="http://ipaserver.example.com" target="_blank"> ipaserver.example.com</a><br> -1977841888[7fc789f5b040]: using negotiate-gss<br> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()<br> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()<br> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]<br> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()<br> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information<br> SPNEGO cannot find mechanisms to negotiate<br> -1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005]<br> <br> [root@ds var]# klist<br> Ticket cache: <a>FILE:/tmp/krb5cc_0</a><br> Default principal: <a>admin@EXAMPLE.COM</a><br> <br> Valid starting Expires Service principal<br> 05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/<a>EXAMPLE.COM@EXAMPLE.COM</a><br> 05/14/12 13:53:58 05/15/12 13:50:30 HTTP/<a>ipaserver.example.com@EXAMPLE.COM</a><br> 05/14/12 13:54:13 05/15/12 13:50:30 ldap/<a>ipaserver.example.com@EXAMPLE.COM</a><br> [root@ds var]# <br> <br> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin<br> <br> at <a href="http://fpaste.org/9hXX/" target="_blank">http://fpaste.org/9hXX/</a><br> <br> I am not sure what I am missing though. Appreciate any help.<br> <br clear="all"> Thanks<br> Chandan<br> <br> <br> <br> </blockquote> <br> </div> </div> Are you running FF on windows?<br> Which version of IPA are you using?<br> <br> <br> <blockquote type="cite"> <pre><fieldset target="_blank"></fieldset> _______________________________________________ Freeipa-users mailing list <a>Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> <span><font color="#888888"></font></span></blockquote> <span><font color="#888888"><br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </font></span></div> <br> _______________________________________________<br> Freeipa-users mailing list<br> <a>Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> </blockquote> </div> <br> </div> </div> </div> </div> </blockquote> </div> <br> <br> -- <br> Sent from my iPad <br> </div> </div> </div> </body> </html>