On to, 05 loka 2017, Jochen Hein via FreeIPA-users wrote:
Marius Bjørnstad via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> writes:
After I upgraded to FreeIPA 4.5 (on CentOS 7), I get an error "Login
failed due to an unknown reason" on the web UI, no matter if I use the
admin user or my personal user.
...
[Thu Oct 05 11:36:38.505372 2017] [:error] [pid 7424] [remote
192.168.1.48:244] CalledProcessError: Command '/usr/bin/kinit -n -c
/var/run/ipa/ccaches/armor_7424 -X
X509_anchors=FILE:/var/kerberos/krb5kdc/kdc.crt -X
X509_anchors=FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem' returned
non-zero exit status 1
Do you have krb5-pkinit installed? I think there is a dependency
missing. And I ran "ipa-pkinit-manage enable", but I don't remember if
it's needed for WebUI login.
Looking into RHEL/CentOS spec file, I see:
.....
%package server
Summary: The IPA authentication server
Group: System Environment/Base
.....
Requires(post): krb5-server >= %{krb5_version}
Requires(post): krb5-server >= %{krb5_base_version}, krb5-server <
%{krb5_base_version}.100
Requires: krb5-pkinit-openssl >= %{krb5_version}
.....
So there is an explicit dependency to krb5-pkinit-openssl which is
provided by krb5-pkinit.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
