So I followed the directions to add it to my dev freeipa servers and restarted
the httpd. But when I go to log in at https://myserver/idp as admin or myself, I
get 401 Unauthorized no matter what. This is what I need to install the server:

    sudo ipsilon-server-install --openid --saml2 yes --ipa yes --info-nss yes

I see this in /var/log/messages:

May 17 14:34:04 freeipa01-dev [sssd[ldap_child[9215]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:34:04 freeipa01-dev [sssd[ldap_child[9217]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:35:11 freeipa01-dev [sssd[ldap_child[9219]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:35:11 freeipa01-dev [sssd[ldap_child[9221]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:36:26 freeipa01-dev [sssd[ldap_child[9223]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:36:26 freeipa01-dev [sssd[ldap_child[9224]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:37:32 freeipa01-dev [sssd[ldap_child[9228]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:37:32 freeipa01-dev [sssd[ldap_child[9230]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:38:36 freeipa01-dev [sssd[ldap_child[9238]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:38:36 freeipa01-dev [sssd[ldap_child[9240]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:39:37 freeipa01-dev [sssd[ldap_child[9243]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
May 17 14:39:37 freeipa01-dev [sssd[ldap_child[9245]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.

This is what is in /var/log/http/error_log:

[Thu May 17 13:55:56.263306 2018] [authnz_pam:warn] [pid 8829] [client 10.1.6.250:50562] PAM authentication failed for user andrew.meyer: Authentication failure, referer: https://freeipa01-dev.example.local/idp/login/gssapi/negotiate?ipsilon_transaction_id=fe82e294-370f-4dfa-805d-01082b021a96
[Thu May 17 13:55:59.673795 2018] [auth_gssapi:error] [pid 8829] [client 10.1.6.250:50562] NO AUTH DATA Client did not send any authentication headers, referer: https://freeipa01-dev.example.local/idp/login/form
[Thu May 17 13:56:05.735790 2018] [authnz_pam:warn] [pid 8829] [client 10.1.6.250:50562] PAM authentication failed for user admin: Error in service module, referer: https://freeipa01-dev.example.local/idp/login/gssapi/negotiate?ipsilon_transaction_id=cc8808fc-c9b0-4d9e-b3da-4b01ba7e823b
[Thu May 17 13:56:08.232387 2018] [auth_gssapi:error] [pid 8829] [client 10.1.6.250:50562] NO AUTH DATA Client did not send any authentication headers, referer: https://freeipa01-dev.example.local/idp/login/form
[Thu May 17 13:56:14.206573 2018] [auth_gssapi:error] [pid 8829] [client 10.1.6.250:50562] NO AUTH DATA Client did not send any authentication headers, referer: https://freeipa01-dev.example.local/idp/login/gssapi/negotiate?ipsilon_transaction_id=096ef2ce-e43e-488e-8421-533c90b4714a
[Thu May 17 14:39:17.674883 2018] [auth_gssapi:error] [pid 8830] [client 10.1.6.250:51742] NO AUTH DATA Client did not send any authentication headers, referer: https://freeipa01-dev.example.local/idp/
[Thu May 17 14:39:21.039126 2018] [auth_gssapi:error] [pid 8830] [client 10.1.6.250:51742] NO AUTH DATA Client did not send any authentication headers, referer: https://freeipa01-dev.example.local/idp/
[Thu May 17 14:39:32.032374 2018] [authnz_pam:warn] [pid 8830] [client 10.1.6.250:51742] PAM authentication failed for user admin: Error in service module, referer: https://freeipa01-dev.example.local/idp/login/gssapi/negotiate?ipsilon_transaction_id=94fe5ec3-1608-4977-840a-8b186f4eee28

 

    On Thursday, May 17, 2018 2:25 PM, Alexander Bokovoy via FreeIPA-users 
<freeipa-users@lists.fedorahosted.org> wrote:
 

 On Thu, 17 May 2018, Andrew Meyer via FreeIPA-users wrote:
>Has anyone installed this on their prod FreeIPA installation?  I need
>to hook FreeIPA into some other auth systems that don't support LDAP.
I've been using FreeIPA with Ipsilon for quite a few years for my home setup.
I even added integration for Ipsilon to HackMD:
https://github.com/hackmdio/hackmd/pull/732


-- 
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/Z6M4UWGBYZANLDZ5HPJCPWUHWVAI5T2Q/


   