[Freeipa-users] FreeIPA and PWM
Martin Kosek
mkosek at redhat.com
Thu Apr 21 07:59:20 UTC 2016
On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
> Hello,
>
> I'm trying to set up a self-service page for a new IPA domain and I'm trying to
> use PWM for that.
>
> When I try to bind to FreeIPA from within PWM, with the configured "LDAP Proxy
> User", I get the following error:
>
> error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636':
> unable to create connection: unable to bind to
> ldaps://polonium.ipa.rdmedia.com:636 as
> cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason: [LDAP:
> error code 48 - Inappropriate Authentication]
>
> In /var/log/krb5kdc.log I see:
>
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: NEEDED_PREAUTH: host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for krbtgt/IPA.RDMEDIA.COM@IPA.RDMEDIA.COM, Additional pre-authentication required
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for krbtgt/IPA.RDMEDIA.COM@IPA.RDMEDIA.COM
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for ldap/polonium.ipa.rdmedia.com@IPA.RDMEDIA.COM
> Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
>
> What is going on? What can I do to debug this more?
>
>
> --
> Tiemen Ruiten
> Systems Engineer
> R&D Media

Hello Tiemen,

Just for the record, in FreeIPA we have also been working on our own version of
the Community Portal that could be useful for the registration and is already
well integrated with FreeIPA:

https://github.com/freeipa/freeipa-community-portal
http://freeipa-community-portal.readthedocs.org/en/latest/

CCing Christian who currently owns the project.

HTH,
Martin