[Freeipa-users] Server - client mismatch has now progressed to 6.1 - latest run

Steven Jones Steven.Jones at vuw.ac.nz
Thu May 26 21:02:06 UTC 2011


[root@rhel61-test64ws01 jonesst1]# kdestroy
[root@rhel61-test64ws01 jonesst1]# export KRB5_CONFIG=/home/jonesst1/test-krb5.conf 
[root@rhel61-test64ws01 jonesst1]# kinit admin
Password for admin@UNIX.VUW.AC.NZ: 
[root@rhel61-test64ws01 jonesst1]# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@UNIX.VUW.AC.NZ

Valid starting     Expires            Service principal
05/27/11 08:49:35  05/28/11 08:49:27  krbtgt/UNIX.VUW.AC.NZ@UNIX.VUW.AC.NZ
	Flags: FIA
[root@rhel61-test64ws01 jonesst1]# curl -kv --negotiate -u : https://vuwunicoipamt01.unix.vuw.ac.nz/ipa/xml
* About to connect() to vuwunicoipamt01.unix.vuw.ac.nz port 443 (#0)
*   Trying 130.195.87.236... connected
* Connected to vuwunicoipamt01.unix.vuw.ac.nz (130.195.87.236) port 443 (#0)
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* 	subject: CN=vuwunicoipamt01.unix.vuw.ac.nz,O=UNIX.VUW.AC.NZ
* 	start date: May 23 04:36:22 2011 GMT
* 	expire date: May 23 04:36:22 2021 GMT
* 	common name: vuwunicoipamt01.unix.vuw.ac.nz
* 	issuer: CN=UNIX.VUW.AC.NZ Certificate Authority
> GET /ipa/xml HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: vuwunicoipamt01.unix.vuw.ac.nz
> Accept: */*
> 
< HTTP/1.1 401 Authorization Required
< Date: Thu, 26 May 2011 20:50:01 GMT
< Server: Apache/2.2.15 (Red Hat)
* gss_init_sec_context() failed: : Server krbtgt/VUW.AC.NZ@UNIX.VUW.AC.NZ not found in Kerberos databaseWWW-Authenticate: Negotiate
< Last-Modified: Wed, 20 Apr 2011 13:57:02 GMT
< ETag: "a51-5de-4a159ffc36780"
< Accept-Ranges: bytes
< Content-Length: 1502
< Connection: close
< Content-Type: text/html; charset=UTF-8
< 
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
    <title>IPA: Identity Policy Audit</title>

    <script type="text/javascript" src="../ui/jquery.js"></script>

    <link rel="stylesheet" type="text/css" href="../ui/jquery-ui.css" />
    <link rel="stylesheet" type="text/css" href="ipa_error.css" />

 <script type="text/javascript">
   $(document).ready(function() {
   $("#import-cert-auth-link").click(function(){
   $("#first-time").css("display","none");
   $("#next-link").css("display","block");
   return true;
   });

   });

 </script>
</head>

<body id="header-bg">

  <div class="container_1">
    <div class="header-logo">
            <img src="../ui/ipalogo.png" />
        </div>
       <div class="textblockkrb">
        <h1>Unable to verify your Kerberos credentials.</h1><p> Please make sure that you have valid Kerberos tickets (obtainable via <b>kinit</b>), and that you have configured your browser correctly. </p>
          <b>If this is your first time</b>
          <div id="first-time">
          <ul>
            <li><a id="import-cert-auth-link" href="/ipa/errors/ca.crt"  >Click here to Import the IPA Certificate Authority</a>. </li>
            <li>Make sure you select <b>all three</b> checkboxes </li>
            <li>Click the <b>OK</b> Button</li>
          </ul>
          </div>
          <div id="next-link" style="display:none;">
          . <p> <a href="browserconfig.html"> Next Step:</a></p>
          </div>
        </div>

   </div>

</body>

</html>
* Closing connection #0
[root@rhel61-test64ws01 jonesst1]# klist -f
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@UNIX.VUW.AC.NZ

Valid starting     Expires            Service principal
05/27/11 08:49:35  05/28/11 08:49:27  krbtgt/UNIX.VUW.AC.NZ@UNIX.VUW.AC.NZ
	Flags: FIA
[root@rhel61-test64ws01 jonesst1]# unset KRB5_CONFIG
[root@rhel61-test64ws01 jonesst1]# 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: error_log
Type: application/octet-stream
Size: 113262 bytes
Desc: error_log
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110526/ad69afd7/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5kdc.log
Type: application/octet-stream
Size: 191709 bytes
Desc: krb5kdc.log
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110526/ad69afd7/attachment-0001.obj>

