<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><span>Hello all,</span></div><div><span><br></span></div><div><span>Here is some other information.</span></div><div>I'm setting this up for a lab in a university. The university has its own Kerberos server (and DNS server, which I use). <br></div><div>I'm not sure whether anybody has set up a Kerberos server for the department, or some other labs used the department sub-domain.</div><div>But I'm sure the realm name is unique.</div><div><br></div><div>When I open the web UI on the server (Firefox 13.0), I almost always get this error:</div><div><div>Your Kerberos ticket is no longer valid. Please run kinit and
then click 'Retry'. If this is your first time running the IPA Web UI <a href="https://cns2.psych.yale.edu/ipa/config/unauthorized.html">follow these directions</a> to configure your browser.</div><div>Or you can use <a href="https://cns2.psych.yale.edu/ipa/ui/#">form-based authentication</a>.</div><div>But I can use the form-based authentication sometimes, not always.</div><div><br></div><div>Thanks,</div><div>George</div><div><br></div></div><div><br></div><div><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;"> <div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"> <div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight: bold;">From:</span></b> Petr Viktorin &lt;pviktori@redhat.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> george he
&lt;george_he7@yahoo.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> "freeipa-users@redhat.com" &lt;freeipa-users@redhat.com&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, June 18, 2012 10:47 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Freeipa-users] is not an IPA v2 Server.<br> </font> </div> <br>
Hi,<br>If you run the wget manually (downloading to an existing directory <br>instead of /tmp/tmpjibrhe), do you get the same error?<br><br>Can you connect to the web UI from the client?<br><br><br>On 06/18/2012 04:12 PM, george he wrote:<br>> Hello Petr,<br>> I can ping or ssh to myserver with no problem.<br>> btw, here are the ports I opened:<br>> iptables -A INPUT -p tcp --dport 80 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 443 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 389 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 636 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 88 -j ACCEPT<br>> iptables -A INPUT -p udp --dport 88 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 464 -j ACCEPT<br>> iptables -A INPUT -p udp --dport 464 -j ACCEPT<br>> iptables -A INPUT -p tcp --dport 53 -j ACCEPT<br>> iptables -A INPUT -p udp --dport 53 -j ACCEPT<br>> iptables -A INPUT -p udp --dport 123 -j ACCEPT<br>>
Thanks,<br>> George<br>><br>> ------------------------------------------------------------------------<br>> *From:* Petr Viktorin <<a ymailto="mailto:pviktori@redhat.com" href="mailto:pviktori@redhat.com">pviktori@redhat.com</a>><br>> *To:* "<a ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>" <<a ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>><br>> *Cc:* george he <<a ymailto="mailto:george_he7@yahoo.com" href="mailto:george_he7@yahoo.com">george_he7@yahoo.com</a>><br>> *Sent:* Monday, June 18, 2012 10:06 AM<br>> *Subject:* Re: [Freeipa-users] is not an IPA v2 Server.<br>><br>> On 06/18/2012 03:44 PM, george he wrote:<br>> > Hello all,<br>>
><br>> > here is the error message from /var/log/ipaclient-install.log on the<br>> > client machine:<br>> ><br>> > Connecting to myserver|myserver ip|:80... failed: No route to host.<br>> > Retrieving CA from myserver failed.<br>> > Command '/usr/bin/wget -O /tmp/tmpjibrhe/ca.crt -T 15 -t 2<br>> > http://myserver/ipa/config/ca.crt' returned non-zero exit status 4<br>><br>> Seems like a routing issue. Can you ping myserver from the client<br>> machine?<br>><br>><br>> > but httpd seems running on myserver and port 80 is open.<br>> > # systemctl status httpd.service<br>> >
httpd.service - The Apache HTTP Server (prefork MPM)<br>> > Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)<br>> > Active: active (running) since Sun, 17 Jun 2012 11:17:07 -0400; 22h ago<br>> > Process: 16225 ExecStop=/usr/sbin/httpd $OPTIONS -k stop (code=exited, status=0/SUCCESS)<br>> > Process: 16230 ExecStart=/usr/sbin/httpd $OPTIONS -k start (code=exited, status=0/SUCCESS)<br>> > Main PID: 16233 (httpd)<br>> > CGroup: name=systemd:/system/httpd.service<br>> > ├ 16231 /usr/sbin/nss_pcache 1212421 off /etc/httpd/alias<br>> > ├ 16233 /usr/sbin/httpd -k start<br>> > ├
16236 /usr/sbin/httpd -k start<br>> > ├ 16237 /usr/sbin/httpd -k start<br>> > ├ 16238 /usr/sbin/httpd -k start<br>> > ├ 16239 /usr/sbin/httpd -k start<br>> > ├ 16240 /usr/sbin/httpd -k start<br>> > ├ 16241 /usr/sbin/httpd -k start<br>> > ├ 16242 /usr/sbin/httpd -k start<br>> > ├ 16243 /usr/sbin/httpd -k start<br>> > ├ 16244 /usr/sbin/httpd -k start<br>> > └ 16245 /usr/sbin/httpd -k start<br>> > I have been working on this for days to set this thing up. Any help will<br>> > be very appreciated.<br>> > George<br>> ><br>> ><br>>
------------------------------------------------------------------------<br>> > *From:* george he <<a ymailto="mailto:george_he7@yahoo.com" href="mailto:george_he7@yahoo.com">george_he7@yahoo.com</a>><br>> > *To:* "<a ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>" <<a ymailto="mailto:freeipa-users@redhat.com" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a>><br>>
> *Sent:* Saturday, June 16, 2012 4:02 PM<br>> > *Subject:* is not an IPA v2 Server.<br>> ><br>> > Hello all,<br>> ><br>> > I'm trying to install freeipa for a small lab with <10 computers,<br>> > all running fedora 17.<br>> > I seemed to have installed ipa server (without DNS) successfully,<br>> ><br>> > # ipactl status<br>> > Directory Service: RUNNING<br>> > KDC Service: RUNNING<br>> > KPASSWD Service: RUNNING<br>> > MEMCACHE Service: RUNNING<br>> > HTTP Service: RUNNING<br>> > CA Service: RUNNING<br>> ><br>>
 > but when I try to run ipa-client-install on a client machine, I get<br>> > this error message:<br>> ><br>> > <<a target="_blank" href="http://server.my.edu/">server.my.edu</a>> is not an IPA v2 Server.<br>> > Installation failed. Rolling back changes.<br>> > IPA client is not configured on this system.<br>> ><br>> > what am I missing?<br>> > ps, I'm following the instructions here:<br>> ><br>> <a href="https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html"
target="_blank">https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html</a><br>> > Thanks,<br>> > George<br>> ><br>><br>> --<br>> Petr³<br>><br><br>-- <br>Petr³<br><br> </div> </div> </blockquote></div> </div></body></html>