[Freeipa-users] Apache Error Immediately After Install
Rob Crittenden
rcritten at redhat.com
Wed Apr 21 17:44:52 UTC 2010
Brad Lodgen wrote:
> Rob,
>
> Thanks for your reply. I'm not sure if it makes much difference, but I
> forgot to say I'm using the 2.0 Alpha latest release.
>
> I am using Windows 7. I downloaded the MIT Kerberos Client for Windows,
> added my realm/domain, got my ticket, but I still get the same result. I
> used the admin user and the user I added, both same results. I ran kinit on
> both before trying, same result. I ran ipa user-find on both, both exist.
>
> Same error message in Firefox, same blank page in IE, same error message on
> /var/log/httpd/error_log.
>
> Any suggestions to move forward?
Did you set this in about:config on your browser?
network.auth.use-sspi false
You might walso want to try this, though I'm not 100% sure if the
environment variables work the same way in Windows.
http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html#sect-Installation_and_Deployment_Guide-Configuring_Your_Browser-Troubleshooting
This should give us a client-side view of what the request is doing.
Do you have a Linux machine you can try from as a baseline test?
rob
>
>
>
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com]
> Sent: Tuesday, April 20, 2010 12:26 PM
> To: Brad Lodgen
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Apache Error Immediately After Install
>
> Brad Lodgen wrote:
>> I have a fresh install. All I've done is kinit admin and added a single
>> user.
>>
>>
>>
>> I browse to my ipa web server, log in, then get a blank page in IE and
>> in Firefox I get the page at /usr/share/ipa/html/unauthorized.html. I
>> checked the source code for the IE page and it's actually taking me to
>> the same page, just not showing any text. I changed to compatibility
>> mode, same thing. I did all the recommended changes in Firefox, but have
>> the same result.
>>
>>
>>
>> This is in the Apache error log
>>
>>
>>
>> [Tue Apr 20 11:48:54 2010] [error] [client X.X.X.X]
>> gss_accept_sec_context() failed: An unsupported mechanism was requested
>> (, Unknown error)
>>
>>
>>
>> I tried logging in as admin and as a user I added. No luck.
>>
>>
>>
>> Any ideas for things to try?
>
> What OS are you running Firefox from?
>
> The underlying problem is that you need to do kerberos authentication
> from within the browser. This is possible in Windows if you install the
> MIT kerberos client software.
>
> For it to work natively in Windows you'd have to get a ticket as part of
> a domain login which we don't support (and probably won't for a while).
>
> rob
>
More information about the Freeipa-users
mailing list