<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/14/2012 05:09 PM, Chandan Kumar wrote:
<blockquote
cite="mid:CAD=CKMDvgV=tO289-v9N8Er-eBFfqDd=qT83y-F2wh-s7ALhPw@mail.gmail.com"
type="cite">I am a newbie in IPA and was experimenting it on my
couple of VMs before considering it for production level.<br>
<br>
Installation went fine, however, I am getting the kerberos key
expiration error at firefox. I am running firefox on the same
machine where I have installed/configured ipa-server. On googling
and some help in IRC I checked documentation to trouble shoot it
as this appear to be a known problem. <br>
<br>
Moreover, I did follow<br>
<br>
<a moz-do-not-send="true"
href="http://freeipa.org/page/InstallAndDeploy">http://freeipa.org/page/InstallAndDeploy</a><br>
<a moz-do-not-send="true"
href="http://freeipa.org/page/TroubleshootingGuide">http://freeipa.org/page/TroubleshootingGuide</a><br>
<br>
Fire fox logs<br>
<br>
1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]<br>
-1977841888[7fc789f5b040]: using REQ_DELEGATE<br>
-1977841888[7fc789f5b040]: service = <a moz-do-not-send="true"
href="http://ipaserver.example.com">ipaserver.example.com</a><br>
-1977841888[7fc789f5b040]: using negotiate-gss<br>
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()<br>
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()<br>
-1977841888[7fc789f5b040]:
nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]<br>
-1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()<br>
-1977841888[7fc789f5b040]: gss_init_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information<br>
SPNEGO cannot find mechanisms to negotiate<br>
-1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
[rv=80004005]<br>
<br>
[root@ds var]# klist<br>
Ticket cache: <a class="moz-txt-link-freetext" href="FILE:/tmp/krb5cc_0">FILE:/tmp/krb5cc_0</a><br>
Default principal: <a moz-do-not-send="true"
href="mailto:admin@EXAMPLE.COM">admin@EXAMPLE.COM</a><br>
<br>
Valid starting Expires Service principal<br>
05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/<a
moz-do-not-send="true" href="mailto:EXAMPLE.COM@EXAMPLE.COM">EXAMPLE.COM@EXAMPLE.COM</a><br>
05/14/12 13:53:58 05/15/12 13:50:30 HTTP/<a
moz-do-not-send="true"
href="mailto:ipaserver.example.com@EXAMPLE.COM">ipaserver.example.com@EXAMPLE.COM</a><br>
05/14/12 13:54:13 05/15/12 13:50:30 ldap/<a
moz-do-not-send="true"
href="mailto:ipaserver.example.com@EXAMPLE.COM">ipaserver.example.com@EXAMPLE.COM</a><br>
[root@ds var]# <br>
<br>
Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin<br>
<br>
at <a moz-do-not-send="true" href="http://fpaste.org/9hXX/">http://fpaste.org/9hXX/</a><br>
<br>
I am not sure what I am missing though. Appreciate any help.<br>
<br clear="all">
Thanks<br>
Chandan<br>
<br>
<br>
<br>
</blockquote>
<br>
Are you running FF on windows?<br>
Which version of IPA are you using?<br>
<br>
<br>
<blockquote
cite="mid:CAD=CKMDvgV=tO289-v9N8Er-eBFfqDd=qT83y-F2wh-s7ALhPw@mail.gmail.com"
type="cite">
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>