[Freeipa-users] Fedora 12 install documentation 2.0.0 & admin documentation 2.0.0 and problems.

Rob Crittenden rcritten at redhat.com
Wed Jul 7 12:52:41 UTC 2010 

Steven Jones wrote:
> Hi,
> 
> I have installed free-ipa on fedora 12...
> 
> Install documentation
> 
> Some issues...."3.2 To test your IPA installation",
> 
> 3. Item should read "/usr/sbin/ipa-finduser admin"  and not 
> "/usr/bin/ipa user-find admin"

The command-line changed between 1.2 and 2.0. If you are using 1.2 (the 
default in Fedora 12) then the command is ipa-finduser. If you are 
running 2.0 (or more precisely one of the alphas named 1.9) then the 
command is ipa user-find.

You can determine the version you have with: rpm -q ipa-server

> 
> Admin documentation
> 
> 1.1.1.1
> 
> "Using the Web Interface",
> 
> There is no explanation of how to do get to the user homepage....
> 
> I tried https://localhost:443
> 
> and I get a "Kerberos Authentication failed".....there is no workable 
> documentation / indication on how to fix this....

http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html

In short, you need to configure your browser to do kerberos 
authentication, trust the IPA root CA and you need a kerberos ticket in 
order to connect.
> 
>  
> 
> ===============
> 
> 
>     "Kerberos Authentication Failed
> 
> Unable to verify your Kerberos credentials. Please make sure that you 
> have valid Kerberos tickets (obtainable via kinit), and that you have 
> configured your browser correctly 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you 
> are still unable to access the IPA Web interface, please contact the 
> helpdesk on for additional assistance.
> 
> Import the IPA Certificate Authority 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.
> 
> You can automatically configure your browser to work with Kerberos by 
> importing the Certificate Authority above and clicking on the Configure 
> Browser button.
> 
> You *must* reload this page after importing the Certificate Authority 
> for the automatic settings to work
> 
> =============
> 
>  
> 
>  
> 
> So I run kinit as a local user and get told....
> 
>  
> 
> "kinit: Client not found in Kerberos database while getting initial 
> credentials"

Did you add your user as a user in IPA? You can always try getting a 
ticket as the admin user for testing (kinit admin).

> So anyway I attempt to follow the instruction in the web browser window 
> (as above) and keep getting the same thing when I restart Firefox.
> 
> So what next?
> 
> regards
> 
> Steven

Thanks for the feedback.

rob

More information about the Freeipa-users mailing list