[Freeipa-users] Help regarding Basic FreeIPA setup

Dmitri Pal dpal at redhat.com
Mon May 14 21:21:20 UTC 2012 

On 05/14/2012 05:09 PM, Chandan Kumar wrote:
> I am a newbie in IPA and was experimenting it on my couple of VMs
> before considering it for production level.
>
> Installation went fine, however, I am getting the kerberos key
> expiration error at firefox. I am running firefox on the same machine
> where I have installed/configured ipa-server. On googling and some
> help in IRC I checked documentation to trouble shoot it as this appear
> to be a known problem.
>
> Moreover, I did follow
>
> http://freeipa.org/page/InstallAndDeploy
> http://freeipa.org/page/TroubleshootingGuide
>
> Fire fox logs
>
> 1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
> -1977841888[7fc789f5b040]:   using REQ_DELEGATE
> -1977841888[7fc789f5b040]:   service = ipaserver.example.com
> <http://ipaserver.example.com>
> -1977841888[7fc789f5b040]:   using negotiate-gss
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
> [challenge=Negotiate]
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified
> GSS failure.  Minor code may provide more information
> SPNEGO cannot find mechanisms to negotiate
> -1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
>
> [root at ds var]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at EXAMPLE.COM <mailto:admin at EXAMPLE.COM>
>
> Valid starting     Expires            Service principal
> 05/14/12 13:50:32  05/15/12 13:50:30  krbtgt/EXAMPLE.COM at EXAMPLE.COM
> <mailto:EXAMPLE.COM at EXAMPLE.COM>
> 05/14/12 13:53:58  05/15/12 13:50:30 
> HTTP/ipaserver.example.com at EXAMPLE.COM
> <mailto:ipaserver.example.com at EXAMPLE.COM>
> 05/14/12 13:54:13  05/15/12 13:50:30 
> ldap/ipaserver.example.com at EXAMPLE.COM
> <mailto:ipaserver.example.com at EXAMPLE.COM>
> [root at ds var]#
>
> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>
> at http://fpaste.org/9hXX/
>
> I am not sure what I am missing though. Appreciate any help.
>
> Thanks
> Chandan
>
>
>

Are you running FF on windows?
Which version of IPA are you using?


>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120514/cdf1c189/attachment.htm>

More information about the Freeipa-users mailing list