[Freeipa-devel] freeipa and samba

Wed Feb 13 20:06:10 UTC 2008

Can you look to see if there are any SELinux denials?

rob

Thomas Sailer wrote:
> Ok, now with:
> 
> krb5-server-ldap-1.6.2-11.fc8
> krb5-libs-1.6.2-11.fc8
> krb5-workstation-1.6.2-11.fc8
> krb5-server-1.6.2-11.fc8
> krb5-devel-1.6.2-11.fc8
> 
> Same thing with firefox:
> KRB5CCNAME: FILE:/tmp/krb5cc_apache_ijiXp7<br>
> HTTPS: on<br>
> GATEWAY_INTERFACE: CGI/1.1<br>
> SERVER_PROTOCOL: HTTP/1.1<br>
> REQUEST_METHOD: GET<br>
> QUERY_STRING: <br>
> REQUEST_URI: /ipatest/<br>
> SCRIPT_NAME: /ipatest/<br>
> HTTP_HOST: xxx.xxx.com<br>
> HTTP_USER_AGENT: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071213 Fedora/2.0.0.10-3.fc8 Firefox/2.0.0.10<br>
> HTTP_ACCEPT: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5<br>
> HTTP_ACCEPT_LANGUAGE: en-us,en;q=0.5<br>
> HTTP_ACCEPT_ENCODING: gzip,deflate<br>
> HTTP_ACCEPT_CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.7<br>
> HTTP_KEEP_ALIVE: 300<br>
> HTTP_CONNECTION: keep-alive<br>
> HTTP_COOKIE: session_id=333b7a451144029a7f72015cf6280aed73d16336; tg-visit=0dc587193c98bbbdb462e5f560c3205dbda64236<br>
> PATH: /sbin:/usr/sbin:/bin:/usr/bin<br>
> SERVER_SIGNATURE: <address>Apache/2.2.6 (Fedora) Server at xxx.xxx.com Port 443</address>
> <br>
> SERVER_SOFTWARE: Apache/2.2.6 (Fedora)<br>
> SERVER_NAME: xxx.xxx.com<br>
> SERVER_ADDR: 192.168.1.2<br>
> SERVER_PORT: 443<br>
> REMOTE_ADDR: 192.168.1.2<br>
> DOCUMENT_ROOT: /var/www/html<br>
> SERVER_ADMIN: root at localhost<br>
> SCRIPT_FILENAME: /usr/share/ipa/ipatest/<br>
> REMOTE_PORT: 51194<br>
> REMOTE_USER: admin at XXX.COM<br>
> AUTH_TYPE: Negotiate<br>
> KRB5CCNAME is FILE:/tmp/krb5cc_apache_ijiXp7<br>
> Error using SASL mechanism GSSAPI {'info': 'SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No credentials cache found)', 'desc': 'Local error'}<br>
> 
> The firefox log contains the following repeated four times:
> 
> -1208858928[8127548]:   using REQ_DELEGATE
> -1208858928[8127548]:   service = xxx.xxx.com
> -1208858928[8127548]:   using negotiate-gss
> -1208858928[8127548]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> -1208858928[8127548]: Attempting to load gss functions
> -1208858928[8127548]: entering nsAuthGSSAPI::Init()
> -1208858928[8127548]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
> -1208858928[8127548]: entering nsAuthGSSAPI::GetNextToken()
> -1208858928[8127548]:   leaving nsAuthGSSAPI::GetNextToken [rv=0]
> -1208858928[8127548]:   Sending a token of length 1209
> 
> 
> Thanks,
> Tom
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080213/430cddaf/attachment.bin>