[Freeipa-users] GSSAPI Failure
Konstantin Kozlov
kozlov at spbcas.ru
Tue Nov 11 13:50:39 UTC 2008
Well, during the last day I've reinstalled ipaserver (Fedora 9) and
ipaclient (CentOS 5). It worked for about 15 min :). I've added one
user, nfs, cifs and host principals, automounter schema and principal
for winxp host with rc4-hmac encryption. Automounter worked, I could
login to ipaserver with ipauser and had the home dir automounted. Then
"suddenly" I've started to get the same error.
I have one master - ipaserver on Fedora 9
and one client on CentOS 5 with recompiled srpms from RHEL.
rpm on Fedora are all updated (may be this is bad?)
Kerberos works, I can get tickets for admin and ipauser.
Do you have any ideas?
May be its better to go for git ipa on CentOS?
Best regards,
Kostya
Simo Sorce wrote:
> On Mon, 2008-11-10 at 16:53 +0300, Konstantin Kozlov wrote:
>> Hello,
>>
>> I have the following problem.
>>
>> On the ipaserver after reboot I get the following error:
>>
>> # kinit admin
>> # ipa-finduser admin
>> Connection to database failed: Invalid credentials: SASL(-13):
>> authentication failure: GSSAPI Failure: gss_accept_sec_context
>>
>> However it is possible to login to ipaclient with ipauser.
>
> Do you have multiple masters ?
>
>> Before reboot it worked.
>>
>> Does anybody have any ideas what is wrong?
>
> Is krb5kdc up and runnig ?
> What do you see in /var/log/krb5kdc.log ?
>
> Simo.
>
--
Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.
Tel./fax: +7 812 596 2831
More information about the Freeipa-users
mailing list