Brad Lodgen wrote:
Thanks for your reply. I'm not sure if it makes much difference, but I
forgot to say I'm using the 2.0 Alpha latest release.
I am using Windows 7. I downloaded the MIT Kerberos Client for Windows,
added my realm/domain, got my ticket, but I still get the same result. I
used the admin user and the user I added, both same results. I ran kinit on
both before trying, same result. I ran ipa user-find on both, both exist.
Same error message in Firefox, same blank page in IE, same error message on
Any suggestions to move forward?
Did you set this in about:config on your browser?
You might also want to try this, though I'm not 100% sure if the
environment variables work the same way in Windows.
This should give us a client-side view of what the request is doing.
Do you have a Linux machine you can try from as a baseline test?
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Tuesday, April 20, 2010 12:26 PM
To: Brad Lodgen
Subject: Re: [Freeipa-users] Apache Error Immediately After Install
Brad Lodgen wrote:
I have a fresh install. All I've done is kinit admin and added a single
I browse to my ipa web server, log in, then get a blank page in IE and
in Firefox I get the page at /usr/share/ipa/html/unauthorized.html. I
checked the source code for the IE page and it's actually taking me to
the same page, just not showing any text. I changed to compatibility
mode, same thing. I did all the recommended changes in Firefox, but have
the same result.
This is in the Apache error log
[Tue Apr 20 11:48:54 2010] [error] [client X.X.X.X]
gss_accept_sec_context() failed: An unsupported mechanism was requested
(, Unknown error)
I tried logging in as admin and as a user I added. No luck.
Any ideas for things to try?
What OS are you running Firefox from?
The underlying problem is that you need to do kerberos authentication
from within the browser. This is possible in Windows if you install the
MIT kerberos client software.
For it to work natively in Windows you'd have to get a ticket as part of
a domain login which we don't support (and probably won't for a while).
Freeipa-users mailing list