[Freeipa-users] GSSAPI Failure
Dmitri Pal
dpal at redhat.com
Wed Nov 12 14:45:30 UTC 2008
Konstantin,
Would it be a fair assumption to say that kinit and direct
authentication works fine but GSSAPI based kerberos auth does not?
Is it happening on one machine or all machines?
I have seen in other product a similar situation and the cause of the
problem was missing or outdated packages for SASL methods.
Can it be the case?
Thanks
Dmitri
Konstantin Kozlov wrote:
> Hello,
>
> So ran out of ideas for where to look for errors. I've got the GSSAPI
> error with ipa tools and ldap tools.
>
> [root at ipaserver ~]# ipa-finduser admin
> Connection to database failed: Invalid credentials: SASL(-13):
> authentication failure: GSSAPI Failure: gss_accept_sec_context
>
> But the ipauser can login to ipaserver and ipaclient and get his home
> dir automounted.
>
> Is it a dead end?
>
> Are there any methods to add users/groups to ldap and kerberos
> consistently without ipa tools?
>
> Best regards,
>
> Kostya
>
> Kozlov wrote:
>> Simo Sorce пишет:
>>> On Tue, 2008-11-11 at 17:10 +0300, Konstantin Kozlov wrote:
>>>> I suspect that the system was unhappy with rc4-hmac in
>>>> ipa-getkeytab command as it is not listed in supported enctypes. Is
>>>> it possible?
>>>
>>> Does not seem likely.
>>> Do you have problems only on the Windows box? Or on any client
>>> including
>>> the IPA server ?
>>>
>>> Simo.
>>>
>>
>> WinXP never worked for me yet. I've got GSSAPI error on ipaserver -
>> Fedora9 and ipaclient CentOS 5. It makes webgui and ipa tools
>> unusable but surprisingly logging in with ipauser and automounting
>> the home dir still work on ipaserver. I've failed to configure
>> automounter on ipaclient.
>>
>> I've tried to change the 127.0.0.1 in krb5.conf to
>> ipaserver.example.com but it didn't help.
>>
>> Kostya
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
More information about the Freeipa-users
mailing list