[Freeipa-users] is not an IPA v2 Server.
Rob Crittenden
rcritten at redhat.com
Mon Jun 18 15:51:21 UTC 2012
george he wrote:
> Hello all,
>
> Here is some other information.
> I'm setting this up for a lab in a university. The university has its
> own kerberos server (and DNS server, which I use).
> I'm not sure whether anybody has set a kerberos server for the
> department, or some other labs used the department sub-domain.
> But I'm sure the realm name is unique.
>
> When I open the web UI on the server (firefox 13.0), I almost always get
> this error:
> Your Kerberos ticket is no longer valid. Please run kinit and then click
> 'Retry'. If this is your first time running the IPA Web UI follow these
> directions <https://cns2.psych.yale.edu/ipa/config/unauthorized.html> to
> configure your browser.
> Or you can use form-based authentication
> <https://cns2.psych.yale.edu/ipa/ui/#>.
> but I can use the form based authentication sometimes, not always.
You need to configure the browser to do Kerberos single sign-on. There
should be a link in the failure message to take you to a page to help
you configure this. You also need to have done a kinit.
I'm not sure why forms-based auth work work only sometimes, additional
details would be needed.
I'm not sure why the server would be pingable from your client but HTTP
doesn't work. There may be another firewall blocking the packets on your
network.
rob
More information about the Freeipa-users
mailing list