[Freeipa-users] Web UI Authentication errors - revisited

Martin Kosek mkosek at redhat.com
Fri Mar 6 07:28:48 UTC 2015


On 03/06/2015 02:38 AM, Dan Mossor wrote:
>
>
> On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <dpal at redhat.com> wrote:
>
>     http://i.imgur.com/mhX86Ng.png
>
>     It should show up if you do not have a ticket. Destroy the ticket on the
>     client and try  to access the server via browser, you should be redirected.
>
>     --
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
> Ok then, that is the page that keeps returning. I've tried from this
> workstation using Konqueror, which does not support Kerberos, I've tried from
> Internet Explorer on a Windows 7 Professional desktop, and I've tried from a
> Fedora 21 system that is not enrolled in the domain. I get the exact same
> response with every attempt.
>
> One additional step I attempted to take was to change the admin password on the
> IPA server. I am getting a ldap_sasl_interactive_bind_s: Unknown authentication
> method (-6) error back.
>
> I think this installation is hosed. I am ready to wipe and start over from
> scratch tomorrow. I've already wasted 16 hours on it.

Sorry to hear that. But I think you should start taking gradual steps in your 
testing and trying to make Web UI over GSSAPI work. I would suggest this procedure:

1) Can I "kinit admin" and run CLI command ("ipa user-show admin")? If yes, 
basic FreeIPA is functioning. Run kdestroy to get rid of Kerberos.

2) Can I log in with form basic auth to my FreeIPA? If not, did you verify all 
the items in 
http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI ? Did 
you try logging in with form-based auth in FreeIPA public demo for example (user 
"admin", password "Secret123"):

https://ipa.demo1.freeipa.org/ipa/ui/

If not, we can dig further. If yes, you can continue with kinit + SSO for the 
Web UI.
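
The two checks above as a script, added here as an example and not part of the original message. It assumes MIT `kinit`, the `ipa` client and `curl` are installed; the variable names are hypothetical, and the `/ipa/session/login_password` endpoint and `X-IPA-Rejection-Reason` header are FreeIPA's password-login interface, not something quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: the two checks from the message, run in order.
# IPA_HOST/IPA_USER/IPA_PASS are assumed variable names; defaults are the
# public demo values quoted in the message.
IPA_HOST="${IPA_HOST:-ipa.demo1.freeipa.org}"
IPA_USER="${IPA_USER:-admin}"
IPA_PASS="${IPA_PASS:-Secret123}"

# Step 1: Kerberos + CLI, then destroy the ticket so step 2 cannot use SSO.
check_cli() {
    printf '%s\n' "$IPA_PASS" | kinit "$IPA_USER" >/dev/null 2>&1 \
        || { echo "kinit failed"; return 1; }
    ipa user-show "$IPA_USER" >/dev/null 2>&1; local rc=$?
    kdestroy
    [ "$rc" -eq 0 ] && echo "cli ok" || { echo "ipa CLI failed"; return 1; }
}

# Last HTTP status code in a raw header dump (empty if there is none).
parse_status() { printf '%s\n' "$1" | tr -d '\r' | awk '/^HTTP\//{s=$2} END{print s}'; }

# Value of the X-IPA-Rejection-Reason header, matched case-insensitively.
parse_reason() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' 'tolower($1)=="x-ipa-rejection-reason"{print $2}'
}

# Turn status + reason into a verdict.
classify_login() {
    case "${1:-000}" in
        200) echo "form login ok" ;;
        401) echo "form login rejected: ${2:-no reason given}" ;;
        000) echo "no HTTP response (DNS, TLS or connectivity)" ;;
        *)   echo "unexpected HTTP status $1" ;;
    esac
}

# Step 2: form-based (password) login, no Kerberos involved.
check_form_login() {
    local headers
    headers=$(curl -s -o /dev/null -D - \
        -H "Referer: https://$IPA_HOST/ipa" -H "Accept: text/plain" \
        --data-urlencode "user=$IPA_USER" \
        --data-urlencode "password=$IPA_PASS" \
        "https://$IPA_HOST/ipa/session/login_password")
    classify_login "$(parse_status "$headers")" "$(parse_reason "$headers")"
}

if [ "${1:-}" = "--run" ]; then check_cli && check_form_login; fi
```

Run it with `--run` and with `IPA_HOST`, `IPA_USER` and `IPA_PASS` set for your own server; a failure in step 1 points at Kerberos or the API, while a failure only in step 2 points at the Web UI password path.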



