[Freeipa-users] Web UI Authentication errors - revisited

Dmitri Pal dpal at redhat.com
Fri Mar 6 15:21:38 UTC 2015 

On 03/06/2015 09:26 AM, Dan Mossor wrote:
> On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <mkosek at redhat.com 
> <mailto:mkosek at redhat.com>> wrote:
>
>     On 03/06/2015 02:38 AM, Dan Mossor wrote:
>
>
>
>         On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <dpal at redhat.com
>         <mailto:dpal at redhat.com>
>         <mailto:dpal at redhat.com <mailto:dpal at redhat.com>>> wrote:
>
>         http://i.imgur.com/mhX86Ng.png
>
>             It should show up if you do not have a ticket. Destroy the
>         ticket on the
>             client and try  to access the server via browser, you
>         should be redirected.
>
>             --
>             Thank you,
>             Dmitri Pal
>
>             Sr. Engineering Manager IdM portfolio
>             Red Hat, Inc.
>
>         Ok then, that is the page that keeps returning. I've tried
>         from this
>         workstation using Konquerer, which does not support Kerberos,
>         I've from from
>         Internet Explorer on a Windows 7 Professional desktop, and
>         I've tried from a
>         Fedora 21 system that is not enrolled in the domain. I get the
>         exact same
>         response with every attempt.
>
>         One additional step I attempted to take was to change the
>         admin password on the
>         IPA server. I am getting a ldap_sasl_interactive_bind_s:
>         Unknown authentication
>         method (-6) error back.
>
>         I think this installation is hosed. I am ready to wipe and
>         start over from
>         scratch tomorrow. I've already wasted 16 hours on it.
>
>
>     Sorry to hear that. But I think you should start taking gradual
>     steps in your testing and trying to make Web UI over GSSAPI work.
>     I would suggest this procedure:
>
>     1) Can I "kinit admin" and run CLI command ("ipa user-show
>     admin")? If yes, basic FreeIPA is functioning. Run kdestroy to get
>     rid of Kerberos.
>
>     2) Can I login with form basic auth to my FreeIPA? If not, did you
>     verify all the items in
>     http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
>     ? Did you try logging with form based auth in FreeIPA public demo
>     for example (user "admin", password "Secret123"):
>
>     https://ipa.demo1.freeipa.org/ipa/ui/
>
>     If not, we can dig further. If yes, you can continue with kinit +
>     SSO for the Web UI.
>
> Martin, Dmitri,
>
> Thanks for your help, but I've taken every step available on the page 
> you linked. I just checked this morning before I started over, and on 
> the server I can kinit as admin and run ipa user-show admin. The ipa 
> tools are not on my workstation. I then ran kdestroy on both the 
> server and workstation, and the error remains when logging in to the 
> web UI - it returns me to the screen I showed above in the link to the 
> screenshot.
>
> Regards,
> Dan

 From your workstation can you use the demo instance 
https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same error?

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/fcdf1b75/attachment.htm>

More information about the Freeipa-users mailing list