Sorry, I accidentally deleted your post.
I am resending it.


Greetings all:
Turned out to be webservice getting reconfigured out from under me.  We
didn't know that the management interface website was necessary for the
command-line management tools.
This raises a couple more questions:
1) Is the free-ipa website needed only for management (i.e.: changes) to
the IPA (e.g.: user additions, password changes, service deletions,
etc.), or is it required for the fundamental workings of authentication
-- we think this unlikely as this should be handled by kerberos/ldap,
etc., and we were able to auth while the website was down.
2) What is the simplest way to configure the free-ipa website for
command-line only usage -- is there a stand-alone daemon we can run for
the free-ipa command-line utilities to work so we need not worry about
free-ipa in our apache configs?
3) It is worthy of mention that we do have redundant configuration
between two servers, and will need them to be able to propogate changes
across -- is the free-ipa website in any way related to this, or is this
entirely handled by internal kerberos/ldap faculties?


> Greetings all: 
> I'm thinking I just have to bounce something (or maybe it's been long
> enough that I'm running the command wrong, but I don't think so). 
> Note that I show the error when not authenticated, and that I can
> authenticate without error: 
> [r...@sandbox1 ~]# ipa-finduser admin
> Could not initialize GSSAPI: Unspecified GSS failure.  Minor code may
> provide more information/Ticket expired
> [r...@sandbox1 ~]# kinit admin -k -t krb5.keytab
> [r...@sandbox1 ~]# ipa-finduser admin
> Unable to connect to IPA server: File Not Found 
> I assume that the "File Not Found" is simply a poor error message. 
> Any insight into what I need to do to fix this? 
> I tried bouncing [ns-]ldap/dirsrv just in case that was the source of
> our problem. 
> NOTE:  We also use coda, and it has no difficulty authenticating to
> [IPA] kerberos (though we are having an odd UID issue with non-admin
> users which prompted the attempt to run some ipa-finduser queries). 
> Your assistance in this matter is greatly appreciated. 
> Regards,
> -Don
> {void} 
> _______________________________________________
> Freeipa-users mailing list

Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to