[Freeipa-users] is not an IPA v2 Server.
george he
george_he7 at yahoo.com
Mon Jun 18 17:51:24 UTC 2012
forget to mention that the server is installed by following this https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/installing-ipa.html
and the client has the same ports open as the server.
George
>________________________________
> From: george he <george_he7 at yahoo.com>
>To: Rob Crittenden <rcritten at redhat.com>
>Cc: "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>Sent: Monday, June 18, 2012 1:41 PM
>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
>
>
>Hi Rob,
>I was just thinking it's very unlikely the university would block http connections from inside, but not ssh from outside. but I'll contact our ITS anyways.
>BTW, I am new to this LDAP and Kerberos thing, and I just followed the steps outlined here https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
>There may be some steps that are obvious to people know these things and they are not listed in the document, then I could have missed them.
>Thanks,
>George
>
>
>
>
>
>>________________________________
>> From: Rob Crittenden <rcritten at redhat.com>
>>To: george he <george_he7 at yahoo.com>
>>Cc: Petr Viktorin <pviktori at redhat.com>; "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>>Sent: Monday, June 18, 2012 1:28 PM
>>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
>>
>>george he wrote:
>>> Hello Rob,
>>>
>>> Yes, I did the configuration earlier today. And I did kinit too.
>>> It seems the web UI loads really slowly - the circular thing can turn
>>> for minutes. So maybe I wasn't patient enough to let the page load.
>>
>>A fair bit of javascript is loaded the very first time you visit IPA,
>>that can be slow. Otherwise it should be relatively quick. Not minutes
>>anyway.
>>
>>> I can ssh to the server and the client from my home, so I don't think
>>> there's another firewall blocking the connection.
>>
>>Different ports and that isn't the client talking to the server, it is
>>you talking to the client and to the server. This is definitely some
>>sort of networking problem, though "no route to host" is rather odd
>>since you can ping. You might also look at the iptables configuration on
>>the client.
>>
>>rob
>>
>>> Thanks,
>>> George
>>>
>>>
------------------------------------------------------------------------
>>> *From:* Rob Crittenden <rcritten at redhat.com>
>>> *To:* george he <george_he7 at yahoo.com>
>>> *Cc:* Petr Viktorin <pviktori at redhat.com>;
>>> "freeipa-users at redhat.com" <freeipa-users at redhat.com>
>>> *Sent:* Monday, June 18, 2012 11:51 AM
>>> *Subject:* Re: [Freeipa-users] is not an IPA v2 Server.
>>>
>>> george he
wrote:
>>> > Hello all,
>>> >
>>> > Here is some other information.
>>> > I'm setting this up for a lab in a university. The university has its
>>> > own kerberos server (and DNS server, which I use).
>>> > I'm not sure whether anybody has set a kerberos server for the
>>> > department, or some other labs used the department sub-domain.
>>> > But I'm sure the realm name is unique.
>>> >
>>> > When I open the web UI on the server (firefox 13.0), I almost
>>> always get
>>> > this error:
>>> > Your Kerberos ticket is no longer valid. Please run kinit and
>>> then click
>>> >
'Retry'. If this is your first time running the IPA Web UI follow
>>> these
>>> > directions
>>> <https://cns2.psych.yale.edu/ipa/config/unauthorized.html> to
>>> > configure your browser.
>>> > Or you can use form-based authentication
>>> > <https://cns2.psych.yale.edu/ipa/ui/#>.
>>> > but I can use the form based authentication sometimes, not always.
>>>
>>> You need to configure the browser to do Kerberos single sign-on.
>>> There should be a link in the failure message to take you to a page
>>> to help you configure this. You also need to have done a
kinit.
>>>
>>> I'm not sure why forms-based auth work work only sometimes,
>>> additional details would be needed.
>>>
>>> I'm not sure why the server would be pingable from your client but
>>> HTTP doesn't work. There may be another firewall blocking the
>>> packets on your network.
>>>
>>> rob
>>>
>>>
>>
>>
>>
>>
>_______________________________________________
>Freeipa-users mailing list
>Freeipa-users at redhat.com
>https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120618/50900463/attachment.htm>
More information about the Freeipa-users
mailing list