[Freeipa-users] Help regarding Basic FreeIPA setup
Dmitri Pal
dpal at redhat.com
Mon May 14 21:21:20 UTC 2012
On 05/14/2012 05:09 PM, Chandan Kumar wrote:
> I am a newbie in IPA and was experimenting it on my couple of VMs
> before considering it for production level.
>
> Installation went fine, however, I am getting the kerberos key
> expiration error at firefox. I am running firefox on the same machine
> where I have installed/configured ipa-server. On googling and some
> help in IRC I checked documentation to trouble shoot it as this appear
> to be a known problem.
>
> Moreover, I did follow
>
> http://freeipa.org/page/InstallAndDeploy
> http://freeipa.org/page/TroubleshootingGuide
>
> Fire fox logs
>
> 1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
> -1977841888[7fc789f5b040]: using REQ_DELEGATE
> -1977841888[7fc789f5b040]: service = ipaserver.example.com
> <http://ipaserver.example.com>
> -1977841888[7fc789f5b040]: using negotiate-gss
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
> [challenge=Negotiate]
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified
> GSS failure. Minor code may provide more information
> SPNEGO cannot find mechanisms to negotiate
> -1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
>
> [root at ds var]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at EXAMPLE.COM <mailto:admin at EXAMPLE.COM>
>
> Valid starting Expires Service principal
> 05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/EXAMPLE.COM at EXAMPLE.COM
> <mailto:EXAMPLE.COM at EXAMPLE.COM>
> 05/14/12 13:53:58 05/15/12 13:50:30
> HTTP/ipaserver.example.com at EXAMPLE.COM
> <mailto:ipaserver.example.com at EXAMPLE.COM>
> 05/14/12 13:54:13 05/15/12 13:50:30
> ldap/ipaserver.example.com at EXAMPLE.COM
> <mailto:ipaserver.example.com at EXAMPLE.COM>
> [root at ds var]#
>
> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>
> at http://fpaste.org/9hXX/
>
> I am not sure what I am missing though. Appreciate any help.
>
> Thanks
> Chandan
>
>
>
Are you running FF on windows?
Which version of IPA are you using?
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120514/cdf1c189/attachment.htm>
More information about the Freeipa-users
mailing list