On to, 05 loka 2017, Jochen Hein via FreeIPA-users wrote:
Marius Bjørnstad via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> writes:

After I upgraded to FreeIPA 4.5 (on CentOS 7), I get an error "Login
failed due to an unknown reason" on the web UI, no matter if I use the
admin user or my personal user.
[Thu Oct 05 11:36:38.505372 2017] [:error] [pid 7424] [remote] CalledProcessError: Command '/usr/bin/kinit -n -c
/var/run/ipa/ccaches/armor_7424 -X
X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X
X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem' returned
non-zero exit status 1

Do you have krb5-pkinit installed?  I think there is a dependency
missing.  And I ran "ipa-pkinit-manage enable", but I don't remember if
it's needed for WebUI login.
Looking into RHEL/CentOS spec file, I see:

%package server
Summary: The IPA authentication server
Group: System Environment/Base
Requires(post): krb5-server >= %{krb5_version}
Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < 
Requires: krb5-pkinit-openssl >= %{krb5_version}

So there is an explicit dependency to krb5-pkinit-openssl which is
provided by krb5-pkinit.

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to