[Freeipa-users] FreeIPA Installation / Configuration
Rob Crittenden
rcritten at redhat.com
Tue Sep 2 19:05:52 UTC 2008
Fraginhell wrote:
> Hi Everyone.
> I have just installed the FreeIPA server onto a Fedora Core 9 Base
> (fresh install) running on Vmware server.
> I've installed the ipa server with --setup-bind --no-ntp options.
> Following the installation instructions I can get a ticket and
> sucessfully return ipa-finduser admin.
> My problem is trying to view the web gui.
> My Kerb Relm is .labs.myexample.com
> I have firefox setup with .labs.myexample.com
> network.negotiate-auth.trusted-uris .labs.myexample.com
> network.negotiate-auth.delegation-uris .labs.myexample.com
> network.negotiate-auth.using-native-gsslib true
> I've hit the button "configure firefox" and it tell me it now setup
> for single sign on, but if I check /var/log/httpd/error.log I get
> this message gss_accept_sec_context() failed: Invalid token was
> supplied (No error).
> I have deleted the CA and repeated the step a few times.
> I cant get past this point at the moment, have I missed some thing,
> any advice please?
You can learn how to debug on the client side here:
http://people.redhat.com/mikeb/negotiate/
Also check /var/log/krb5kdc.log on the IPA server. It may contain useful
information about the kerberos request.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20080902/608fbe07/attachment.bin>
More information about the Freeipa-users
mailing list