[Freeipa-users] Apache Error Immediately After Install

Rob Crittenden rcritten at redhat.com
Wed Apr 21 17:44:52 UTC 2010 

Brad Lodgen wrote:
> Rob,
> 
> Thanks for your reply. I'm not sure if it makes much difference, but I
> forgot to say I'm using the 2.0 Alpha latest release.
> 
> I am using Windows 7. I downloaded the MIT Kerberos Client for Windows,
> added my realm/domain, got my ticket, but I still get the same result. I
> used the admin user and the user I added, both same results. I ran kinit on
> both before trying, same result. I ran ipa user-find on both, both exist.
> 
> Same error message in Firefox, same blank page in IE, same error message on
> /var/log/httpd/error_log.
> 
> Any suggestions to move forward?

Did you set this in about:config on your browser?
network.auth.use-sspi false

You might walso want to try this, though I'm not 100% sure if the 
environment variables work the same way in Windows.

http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html#sect-Installation_and_Deployment_Guide-Configuring_Your_Browser-Troubleshooting

This should give us a client-side view of what the request is doing.

Do you have a Linux machine you can try from as a baseline test?

rob

> 
> 
> 
> -----Original Message-----
> From: Rob Crittenden [mailto:rcritten at redhat.com] 
> Sent: Tuesday, April 20, 2010 12:26 PM
> To: Brad Lodgen
> Cc: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Apache Error Immediately After Install
> 
> Brad Lodgen wrote:
>> I have a fresh install. All I've done is kinit admin and added a single 
>> user.
>>
>>  
>>
>> I browse to my ipa web server, log in, then get a blank page in IE and 
>> in Firefox I get the page at /usr/share/ipa/html/unauthorized.html. I 
>> checked the source code for the IE page and it's actually taking me to 
>> the same page, just not showing any text. I changed to compatibility 
>> mode, same thing. I did all the recommended changes in Firefox, but have 
>> the same result.
>>
>>  
>>
>> This is in the Apache error log
>>
>>  
>>
>> [Tue Apr 20 11:48:54 2010] [error] [client X.X.X.X] 
>> gss_accept_sec_context() failed: An unsupported mechanism was requested 
>> (, Unknown error)
>>
>>  
>>
>> I tried logging in as admin and as a user I added. No luck.
>>
>>  
>>
>> Any ideas for things to try?
> 
> What OS are you running Firefox from?
> 
> The underlying problem is that you need to do kerberos authentication 
> from within the browser. This is possible in Windows if you install the 
> MIT kerberos client software.
> 
> For it to work natively in Windows you'd have to get a ticket as part of 
> a domain login which we don't support (and probably won't for a while).
> 
> rob
>

More information about the Freeipa-users mailing list