[Freeipa-users] Fedora 12 install documentation 2.0.0 & admin documentation 2.0.0 and problems.

Steven Jones Steven.Jones at vuw.ac.nz
Wed Jul 7 20:49:55 UTC 2010


8><----

> I tried https://localhost:443
> 
> and I get a "Kerberos Authentication failed".....there is no workable 
> documentation / indication on how to fix this....

http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html

In short, you need to configure your browser to do kerberos 
authentication, trust the IPA root CA and you need a kerberos ticket in 
order to connect.
> 

8><------

I did this; however, it keeps coming up with the same message.

Also there is no instruction to tell me how to get the kerberos ticket recognised.....

> ===============
> 
> 
>     "Kerberos Authentication Failed
> 
> Unable to verify your Kerberos credentials. Please make sure that you 
> have valid Kerberos tickets (obtainable via kinit), and that you have 
> configured your browser correctly 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you 
> are still unable to access the IPA Web interface, please contact the 
> helpdesk on for additional assistance.
> 
> Import the IPA Certificate Authority 
> <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.
> 
> You can automatically configure your browser to work with Kerberos by 
> importing the Certificate Authority above and clicking on the Configure 
> Browser button.
> 
> You *must* reload this page after importing the Certificate Authority 
> for the automatic settings to work
> 
> =============
> 
>  
> 
>  
> 
> So I run kinit as a local user and get told....
> 
>  
> 
> "kinit: Client not found in Kerberos database while getting initial 
> credentials"

>Did you add your user as a user in IPA? You can always try getting a 
>ticket as the admin user for testing (kinit admin).

No, the documentation didn't tell me to, or how....so this part of the "testing" needs to include suitable CLI commands / instructions to allow a proper test. This should be a sequence, all in order, of all the steps needed, and not dig your way through a 500 page manual and guess...

Really I guess someone wants to write a quick start or evaluation guide. It's interesting when you watch the YouTube video on FreeIPA and they talk about not having to be an expert in every single aspect, yet that's exactly what we end up with here, again.

I have run kinit as admin and that seems fine; however, I have not been able to figure out how to use the admin's Kerberos ticket, which I assume is /tmp/krb5cc_0 (owned by root), in a user's web browser...Fedora 12 prevents root logging in under a GUI, which is silly...and I have not been able to find how to allow that yet.

Also I can't log in as the admin user, as I got told that the admin account already exists when I try an "adduser admin"....yet it does not exist in /etc/passwd, group or shadow....

So what do I do with this ticket? Simply change its permissions to that of the local user? Hack a file somewhere to point to it?

regards

Steven




