[Freeipa-users] Help regarding Basic FreeIPA setup
Chandan Kumar
chandank.kumar at gmail.com
Mon May 14 21:25:08 UTC 2012
System: Centos 6.2
IPA version : ipa-server-2.1.3-9.el6.x86_64
Thanks
Chandan
On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <dpal at redhat.com> wrote:
> **
> On 05/14/2012 05:09 PM, Chandan Kumar wrote:
>
> I am a newbie in IPA and was experimenting it on my couple of VMs before
> considering it for production level.
>
> Installation went fine, however, I am getting the kerberos key expiration
> error at firefox. I am running firefox on the same machine where I have
> installed/configured ipa-server. On googling and some help in IRC I checked
> documentation to trouble shoot it as this appear to be a known problem.
>
> Moreover, I did follow
>
> http://freeipa.org/page/InstallAndDeploy
> http://freeipa.org/page/TroubleshootingGuide
>
> Fire fox logs
>
> 1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
> -1977841888[7fc789f5b040]: using REQ_DELEGATE
> -1977841888[7fc789f5b040]: service = ipaserver.example.com
> -1977841888[7fc789f5b040]: using negotiate-gss
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
> [challenge=Negotiate]
> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS
> failure. Minor code may provide more information
> SPNEGO cannot find mechanisms to negotiate
> -1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
> [rv=80004005]
>
> [root at ds var]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at EXAMPLE.COM
>
> Valid starting Expires Service principal
> 05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/EXAMPLE.COM at EXAMPLE.COM
> 05/14/12 13:53:58 05/15/12 13:50:30 HTTP/
> ipaserver.example.com at EXAMPLE.COM
> 05/14/12 13:54:13 05/15/12 13:50:30 ldap/
> ipaserver.example.com at EXAMPLE.COM
> [root at ds var]#
>
> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>
> at http://fpaste.org/9hXX/
>
> I am not sure what I am missing though. Appreciate any help.
>
> Thanks
> Chandan
>
>
>
>
> Are you running FF on windows?
> Which version of IPA are you using?
>
>
>
> _______________________________________________
> Freeipa-users mailing listFreeipa-users at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120514/541d6486/attachment.htm>
More information about the Freeipa-users
mailing list