[Freeipa-users] FreeIPA and PWM

[Tiemen Ruiten]

Hello,

I'm trying to set up a self-service page for a new IPA domain and I'm
trying to use PWM for that.

When I try to bind to FreeIPA from within PWM, with the configured "LDAP
Proxy User", I get the following error:

error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636':
unable to create connection: unable to bind to ldaps://
polonium.ipa.rdmedia.com:636 as
cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason:
[LDAP: error code 48 - Inappropriate Authentication]

In /var/log/krb5kdc.log I see:

Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6
etypes {18 17 16 23 25 26}) 192.168.50.33: NEEDED_PREAUTH: host/
protactinium.ipa.rdmedia.com at IPA.RDMEDIA.COM for krbtgt/
IPA.RDMEDIA.COM at IPA.RDMEDIA.COM, Additional pre-authentication required
Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down
fd 12
Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6
etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149,
etypes {rep=18 tkt=18 ses=18}, host/
protactinium.ipa.rdmedia.com at IPA.RDMEDIA.COM for krbtgt/
IPA.RDMEDIA.COM at IPA.RDMEDIA.COM
Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down
fd 12
Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): TGS_REQ (6
etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149,
etypes {rep=18 tkt=18 ses=18}, host/
protactinium.ipa.rdmedia.com at IPA.RDMEDIA.COM for ldap/
polonium.ipa.rdmedia.com at IPA.RDMEDIA.COM
Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down
fd 12

What is going on? What can I do to debug this more?


-- 
Tiemen Ruiten
Systems Engineer
R&D Media
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160420/132bdf12/attachment.htm>