Steven Jones wrote:

I have installed free-ipa on fedora 12...

Install documentation

Some issues...."3.2 To test your IPA installation",

3. Item should read "/usr/sbin/ipa-finduser admin" and not "/usr/bin/ipa user-find admin"

The command-line changed between 1.2 and 2.0. If you are using 1.2 (the default in Fedora 12) then the command is ipa-finduser. If you are running 2.0 (or more precisely one of the alphas named 1.9) then the command is ipa user-find.

You can determine the version you have with: rpm -q ipa-server

Admin documentation

"Using the Web Interface",

There is no explanation of how to do get to the user homepage....

I tried https://localhost:443

and I get a "Kerberos Authentication failed".....there is no workable documentation / indication on how to fix this....

In short, you need to configure your browser to do kerberos authentication, trust the IPA root CA and you need a kerberos ticket in order to connect.


    "Kerberos Authentication Failed

Unable to verify your Kerberos credentials. Please make sure that you have valid Kerberos tickets (obtainable via kinit), and that you have configured your browser correctly <>. If you are still unable to access the IPA Web interface, please contact the helpdesk on for additional assistance.

Import the IPA Certificate Authority <>.

You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.

You *must* reload this page after importing the Certificate Authority for the automatic settings to work


So I run kinit as a local user and get told....

"kinit: Client not found in Kerberos database while getting initial credentials"

Did you add your user as a user in IPA? You can always try getting a ticket as the admin user for testing (kinit admin).

So anyway I attempt to follow the instruction in the web browser window (as above) and keep getting the same thing when I restart Firefox.

So what next?



Thanks for the feedback.


Freeipa-users mailing list

Reply via email to