[Freeipa-users] is not an IPA v2 Server.

Rob Crittenden rcritten at redhat.com
Mon Jun 18 17:28:46 UTC 2012 

george he wrote:
> Hello Rob,
>
> Yes, I did the configuration earlier today. And I did kinit too.
> It seems the web UI loads really slowly - the circular thing can turn
> for minutes. So maybe I wasn't patient enough to let the page load.

A fair bit of javascript is loaded the very first time you visit IPA, 
that can be slow. Otherwise it should be relatively quick. Not minutes 
anyway.

> I can ssh to the server and the client from my home, so I don't think
> there's another firewall blocking the connection.

Different ports and that isn't the client talking to the server, it is 
you talking to the client and to the server. This is definitely some 
sort of networking problem, though "no route to host" is rather odd 
since you can ping. You might also look at the iptables configuration on 
the client.

rob

> Thanks,
> George
>
>     ------------------------------------------------------------------------
>     *From:* Rob Crittenden <rcritten at redhat.com>
>     *To:* george he <george_he7 at yahoo.com>
>     *Cc:* Petr Viktorin <pviktori at redhat.com>;
>     "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>     *Sent:* Monday, June 18, 2012 11:51 AM
>     *Subject:* Re: [Freeipa-users] is not an IPA v2 Server.
>
>     george he wrote:
>      > Hello all,
>      >
>      > Here is some other information.
>      > I'm setting this up for a lab in a university. The university has its
>      > own kerberos server (and DNS server, which I use).
>      > I'm not sure whether anybody has set a kerberos server for the
>      > department, or some other labs used the department sub-domain.
>      > But I'm sure the realm name is unique.
>      >
>      > When I open the web UI on the server (firefox 13.0), I almost
>     always get
>      > this error:
>      > Your Kerberos ticket is no longer valid. Please run kinit and
>     then click
>      > 'Retry'. If this is your first time running the IPA Web UI follow
>     these
>      > directions
>     <https://cns2.psych.yale.edu/ipa/config/unauthorized.html> to
>      > configure your browser.
>      > Or you can use form-based authentication
>      > <https://cns2.psych.yale.edu/ipa/ui/#>.
>      > but I can use the form based authentication sometimes, not always.
>
>     You need to configure the browser to do Kerberos single sign-on.
>     There should be a link in the failure message to take you to a page
>     to help you configure this. You also need to have done a kinit.
>
>     I'm not sure why forms-based auth work work only sometimes,
>     additional details would be needed.
>
>     I'm not sure why the server would be pingable from your client but
>     HTTP doesn't work. There may be another firewall blocking the
>     packets on your network.
>
>     rob
>
>

More information about the Freeipa-users mailing list