[Freeipa-users] IPA commands failing

Petr Spacek pspacek at redhat.com
Tue Jul 8 06:59:40 UTC 2014


On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
> On a RHEL 6.5 environment the IPA command line tools are failing me
> with the following:
>
> ipa ping
> ipa: ERROR: cannot connect to Gettext('any of the configured servers',
> domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml,
> https://ipa2.foo.com/ipa/xml
>
> As well web access is failing to allow me to log in, either with
> kerberos tickets or via the login prompt, from the apache logs:
> [Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized:
> Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure.  Minor code may provide more information
> (Server ldap/localhost at ABAQIS.COM not found in Kerberos database)

I guess that something is wrong with host name resolution. You should not see 
names like ldap/localhost. The correct name is ldap/<fqdn>.

The problem could be similar to one described here:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase

Please double-check /etc/hosts, hostname and records in DNS.

-- 
Petr^2 Spacek
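
The /etc/hosts part of that check, as an added example that is not part of the original thread: a shell helper that reports whether a server's FQDN is attached to a loopback address or is not the first name on its line, two entries that can make the server's own name resolve to localhost or to a short name. The function names `check_hosts` and `explain` are hypothetical, and DNS records still have to be checked separately.

```shell
#!/bin/sh
# Added example (not from the thread): classify how a hosts file maps an FQDN.
# check_hosts FILE FQDN  -- hypothetical helper name.
# Return codes:
#   0 = FQDN is the first name on a non-loopback address line
#   1 = FQDN is listed on a loopback address (127.0.0.0/8 or ::1)
#   2 = FQDN is present, but another name (e.g. the short name) comes first
#   3 = FQDN is not in the file at all, so only DNS can answer for it
check_hosts() {
    awk -v fqdn="$2" '
        BEGIN { rc = 3; fqdn = tolower(fqdn) }
        {
            sub(/#.*/, "")                      # drop trailing comments
            if (NF < 2) next                    # blank or address-only line
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != fqdn) continue
                # A loopback mapping anywhere in the file is always reported.
                if ($1 ~ /^127\./ || $1 == "::1") { rc = 1; exit }
                # Otherwise the first line that names the FQDN decides.
                if (rc == 3) rc = (i > 2) ? 2 : 0
            }
        }
        END { exit rc }
    ' "$1"
}

# Human-readable wrapper around check_hosts.
explain() {
    rc=0
    check_hosts "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: $2 is the canonical name on a non-loopback address" ;;
        1) echo "FAIL: $2 is mapped to a loopback address in $1" ;;
        2) echo "WARN: $2 is not the first name on its line in $1" ;;
        3) echo "INFO: $2 is not in $1; check the DNS A and PTR records" ;;
    esac
    return "$rc"
}

# Live use: sh check_hosts.sh /etc/hosts "$(hostname -f)"
if [ "$#" -ge 2 ]; then
    explain "$1" "$2"
fi
```
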



