[Freeipa-users] IPA commands failing

Simo Sorce simo at redhat.com
Wed Jul 9 08:10:15 UTC 2014


On Tue, 2014-07-08 at 08:59 +0200, Petr Spacek wrote:
> On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
> >
> > On a RHEL 6.5 environment the IPA command line tools are failing me
> > with the following:
> >
> > ipa ping
> > ipa: ERROR: cannot connect to Gettext('any of the configured servers',
> > domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml,
> > https://ipa2.foo.com/ipa/xml
> >
> > As well web access is failing to allow me to log in, either with
> > kerberos tickets or via the login prompt, from the apache logs:
> > [Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized:
> > Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> > Unspecified GSS failure.  Minor code may provide more information
> > (Server ldap/localhost at ABAQIS.COM not found in Kerberos database)
> 
> I guess that something is wrong with host name resolution. You should not see 
> names like ldap/localhost. The correct name is ldap/<fqdn>.

Usually the problem is having something like this in /etc/hosts:

127.0.0.1 localhost my.real.domain.name

Do not put your real name on the same line as localhost or you'll get
back "localhost" as the "canonical" name and nothing will work.

> The problem could be similar to one described here:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase
> 
> Please double-check /etc/hosts, hostname and records in DNS.
> 
> -- 
> Petr^2 Spacek
> 


-- 
Simo Sorce * Red Hat, Inc * New York
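
The /etc/hosts check described in the message above, as an added example that is not part of the original thread. It generalizes from the localhost case to any line where the FQDN appears only as an alias, since the first name on a hosts line is the canonical one; the function names, sample files and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample reproducing the layout quoted in the message.
BAD_HOSTS = """\
# constructed sample
127.0.0.1 localhost my.real.domain.name
::1       localhost6
"""

# Constructed sample with the FQDN on its own line, listed first.
GOOD_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
192.0.2.10  my.real.domain.name my   # TEST-NET-1 address, illustrative
"""


def parse_hosts(text):
    """Yield (lineno, address, names) per valid entry; skip comments and junk."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an IP address in the first column
        yield lineno, addr, [name.lower().rstrip(".") for name in fields[1:]]


def alias_only_lines(text, fqdn):
    """Return [(lineno, canonical)] for lines that list fqdn only as an alias.

    The resolver hands back the first name on the matching line as the
    canonical name, so a hit here means service principals get built from
    that name (e.g. ldap/localhost) instead of from the FQDN.
    """
    fqdn = fqdn.lower().rstrip(".")
    hits = []
    for lineno, _addr, names in parse_hosts(text):
        if fqdn in names and names[0] != fqdn:
            hits.append((lineno, names[0]))
    return hits


if __name__ == "__main__":
    for label, text in (("bad", BAD_HOSTS), ("good", GOOD_HOSTS)):
        hits = alias_only_lines(text, "my.real.domain.name")
        print(label, hits if hits else "ok")
```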



