[Freeipa-users] GSSAPI Failure
Konstantin Kozlov
kozlov at spbcas.ru
Wed Nov 12 08:15:53 UTC 2008
Hello,
So ran out of ideas for where to look for errors. I've got the GSSAPI
error with ipa tools and ldap tools.
[root at ipaserver ~]# ipa-finduser admin
Connection to database failed: Invalid credentials: SASL(-13):
authentication failure: GSSAPI Failure: gss_accept_sec_context
But the ipauser can login to ipaserver and ipaclient and get his home
dir automounted.
Is it a dead end?
Are there any methods to add users/groups to ldap and kerberos
consistently without ipa tools?
Best regards,
Kostya
Kozlov wrote:
> Simo Sorce пишет:
>> On Tue, 2008-11-11 at 17:10 +0300, Konstantin Kozlov wrote:
>>> I suspect that the system was unhappy with rc4-hmac in ipa-getkeytab
>>> command as it is not listed in supported enctypes. Is it possible?
>>
>> Does not seem likely.
>> Do you have problems only on the Windows box? Or on any client including
>> the IPA server ?
>>
>> Simo.
>>
>
> WinXP never worked for me yet. I've got GSSAPI error on ipaserver -
> Fedora9 and ipaclient CentOS 5. It makes webgui and ipa tools unusable
> but surprisingly logging in with ipauser and automounting the home dir
> still work on ipaserver. I've failed to configure automounter on ipaclient.
>
> I've tried to change the 127.0.0.1 in krb5.conf to ipaserver.example.com
> but it didn't help.
>
> Kostya
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
--
Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.
Tel./fax: +7 812 596 2831
More information about the Freeipa-users
mailing list