[Freeipa-users] Fedora 12 install documentation 2.0.0 & admin documentation 2.0.0 and problems.
Rob Crittenden
rcritten at redhat.com
Wed Jul 7 12:52:41 UTC 2010
Steven Jones wrote:
> Hi,
>
> I have installed free-ipa on fedora 12...
>
> Install documentation
>
> Some issues...."3.2 To test your IPA installation",
>
> 3. Item should read "/usr/sbin/ipa-finduser admin" and not
> "/usr/bin/ipa user-find admin"
The command-line changed between 1.2 and 2.0. If you are using 1.2 (the
default in Fedora 12) then the command is ipa-finduser. If you are
running 2.0 (or more precisely one of the alphas named 1.9) then the
command is ipa user-find.
You can determine the version you have with: rpm -q ipa-server
>
> Admin documentation
>
> 1.1.1.1
>
> "Using the Web Interface",
>
> There is no explanation of how to do get to the user homepage....
>
> I tried https://localhost:443
>
> and I get a "Kerberos Authentication failed".....there is no workable
> documentation / indication on how to fix this....
http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html
In short, you need to configure your browser to do kerberos
authentication, trust the IPA root CA and you need a kerberos ticket in
order to connect.
>
>
>
> ===============
>
>
> "Kerberos Authentication Failed
>
> Unable to verify your Kerberos credentials. Please make sure that you
> have valid Kerberos tickets (obtainable via kinit), and that you have
> configured your browser correctly
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you
> are still unable to access the IPA Web interface, please contact the
> helpdesk on for additional assistance.
>
> Import the IPA Certificate Authority
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.
>
> You can automatically configure your browser to work with Kerberos by
> importing the Certificate Authority above and clicking on the Configure
> Browser button.
>
> You *must* reload this page after importing the Certificate Authority
> for the automatic settings to work
>
> =============
>
>
>
>
>
> So I run kinit as a local user and get told....
>
>
>
> "kinit: Client not found in Kerberos database while getting initial
> credentials"
Did you add your user as a user in IPA? You can always try getting a
ticket as the admin user for testing (kinit admin).
> So anyway I attempt to follow the instruction in the web browser window
> (as above) and keep getting the same thing when I restart Firefox.
>
> So what next?
>
> regards
>
> Steven
Thanks for the feedback.
rob
More information about the Freeipa-users
mailing list