[Freeipa-users] FreeIPA and PWM

Tiemen Ruiten t.ruiten at rdmedia.com
Thu Apr 21 10:57:33 UTC 2016


Hello Martin,

Thanks, that does help. I didn't know about this project. I will try this
approach first. Seems like it will be better integrated with FreeIPA and in
general more maintainable than PWM.

On 21 April 2016 at 09:59, Martin Kosek <mkosek at redhat.com> wrote:

> On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
> > Hello,
> >
> > I'm trying to set up a self-service page for a new IPA domain and I'm
> > trying to use PWM for that.
> >
> > When I try to bind to FreeIPA from within PWM, with the configured "LDAP
> > Proxy User", I get the following error:
> >
> > error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636': unable to create connection: unable to bind to ldaps://polonium.ipa.rdmedia.com:636 as cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason: [LDAP: error code 48 - Inappropriate Authentication]
> >
> > In /var/log/krb5kdc.log I see:
> >
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: NEEDED_PREAUTH: host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for krbtgt/IPA.RDMEDIA.COM@IPA.RDMEDIA.COM, Additional pre-authentication required
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for krbtgt/IPA.RDMEDIA.COM@IPA.RDMEDIA.COM
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/protactinium.ipa.rdmedia.com@IPA.RDMEDIA.COM for ldap/polonium.ipa.rdmedia.com@IPA.RDMEDIA.COM
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> >
> > What is going on? What can I do to debug this more?
> >
> >
> > --
> > Tiemen Ruiten
> > Systems Engineer
> > R&D Media
>
> Hello Tiemen,
>
> Just for the record, in FreeIPA we have also been working on our own
> version of the Community Portal that could be useful for the registration
> and is already well integrated with FreeIPA:
>
> https://github.com/freeipa/freeipa-community-portal
> http://freeipa-community-portal.readthedocs.org/en/latest/
>
> CCing Christian who currently owns the project.
>
> HTH,
> Martin
>



-- 
Tiemen Ruiten
Systems Engineer
R&D Media