I have a cactiEZ v0.6 server, and its actually running CentOS4.7. I wanted
to hook my cacti to my FreeIPA domain. I seam to have a number of issues I
can't actually work out with this machine and they appear to be related to
HTTP kerberos authentication.
I seam to be-able to authenticate to the machine locally using FreeIPA
without any major issues. I noticed one thing that seams odd to me is that
when I execute id as a user on C5 machine i see all my group membership,
when I login to the C4 machine and execute id I only see 1 group associate
for my user account and other user accounts have the same issue.
I want to access the machine by host and ip. I can authenticate via
hostname without a problem. When i attempt to access the machine via ip it
doesn't work. I have a C5 machine that doesn't have this problem, hostname
or ip i can authenticate.
When I attempt to access via the ip here is what shows in the apache logs:
[Mon Feb 08 17:23:04 2010] [error] [client 192.168.169.194]
krb5_sname_to_principal() failed: Cannot determine realm for numeric host
Here are the packages i installed:
[r...@wtw-man6 conf]# rpm -qa | grep mod_auth
Here is my apache auth configuration:
AuthName "Cacti login"
C4 seams to be running an older version of the mod_auth_kerb, and apache
when compared to C5. I suspect this is part of the issue I'm sure.
The other detail i'm having a problem with seams to be related to group
membership. On the C4 machine the require group or require ldap-group
doesn't seam to work at all. I really don't mind this as much, but if
anyone has any ideas i would love to hear what the solution is?
Freeipa-users mailing list