[Freeipa-users] Web UI Authentication errors - revisited
Dmitri Pal
dpal at redhat.com
Fri Mar 6 15:21:38 UTC 2015
On 03/06/2015 09:26 AM, Dan Mossor wrote:
> On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <mkosek at redhat.com
> <mailto:mkosek at redhat.com>> wrote:
>
> On 03/06/2015 02:38 AM, Dan Mossor wrote:
>
>
>
> On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>
> <mailto:dpal at redhat.com <mailto:dpal at redhat.com>>> wrote:
>
> http://i.imgur.com/mhX86Ng.png
>
> It should show up if you do not have a ticket. Destroy the
> ticket on the
> client and try to access the server via browser, you
> should be redirected.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
> Ok then, that is the page that keeps returning. I've tried
> from this
> workstation using Konquerer, which does not support Kerberos,
> I've from from
> Internet Explorer on a Windows 7 Professional desktop, and
> I've tried from a
> Fedora 21 system that is not enrolled in the domain. I get the
> exact same
> response with every attempt.
>
> One additional step I attempted to take was to change the
> admin password on the
> IPA server. I am getting a ldap_sasl_interactive_bind_s:
> Unknown authentication
> method (-6) error back.
>
> I think this installation is hosed. I am ready to wipe and
> start over from
> scratch tomorrow. I've already wasted 16 hours on it.
>
>
> Sorry to hear that. But I think you should start taking gradual
> steps in your testing and trying to make Web UI over GSSAPI work.
> I would suggest this procedure:
>
> 1) Can I "kinit admin" and run CLI command ("ipa user-show
> admin")? If yes, basic FreeIPA is functioning. Run kdestroy to get
> rid of Kerberos.
>
> 2) Can I login with form basic auth to my FreeIPA? If not, did you
> verify all the items in
> http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
> ? Did you try logging with form based auth in FreeIPA public demo
> for example (user "admin", password "Secret123"):
>
> https://ipa.demo1.freeipa.org/ipa/ui/
>
> If not, we can dig further. If yes, you can continue with kinit +
> SSO for the Web UI.
>
> Martin, Dmitri,
>
> Thanks for your help, but I've taken every step available on the page
> you linked. I just checked this morning before I started over, and on
> the server I can kinit as admin and run ipa user-show admin. The ipa
> tools are not on my workstation. I then ran kdestroy on both the
> server and workstation, and the error remains when logging in to the
> web UI - it returns me to the screen I showed above in the link to the
> screenshot.
>
> Regards,
> Dan
From your workstation can you use the demo instance
https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same error?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/fcdf1b75/attachment.htm>
More information about the Freeipa-users
mailing list