Steven Jones wrote:
Hi,
I have installed free-ipa on fedora 12...
Install documentation
Some issues...."3.2 To test your IPA installation",
3. Item should read "/usr/sbin/ipa-finduser admin" and not
"/usr/bin/ipa user-find admin"
The command-line changed between 1.2 and 2.0. If you are using 1.2 (the
default in Fedora 12) then the command is ipa-finduser. If you are
running 2.0 (or more precisely one of the alphas named 1.9) then the
command is ipa user-find.
You can determine the version you have with: rpm -q ipa-server
Admin documentation
1.1.1.1
"Using the Web Interface",
There is no explanation of how to do get to the user homepage....
I tried https://localhost:443
and I get a "Kerberos Authentication failed".....there is no workable
documentation / indication on how to fix this....
http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html
In short, you need to configure your browser to do kerberos
authentication, trust the IPA root CA and you need a kerberos ticket in
order to connect.
===============
"Kerberos Authentication Failed
Unable to verify your Kerberos credentials. Please make sure that you
have valid Kerberos tickets (obtainable via kinit), and that you have
configured your browser correctly
<https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you
are still unable to access the IPA Web interface, please contact the
helpdesk on for additional assistance.
Import the IPA Certificate Authority
<https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.
You can automatically configure your browser to work with Kerberos by
importing the Certificate Authority above and clicking on the Configure
Browser button.
You *must* reload this page after importing the Certificate Authority
for the automatic settings to work
=============
So I run kinit as a local user and get told....
"kinit: Client not found in Kerberos database while getting initial
credentials"
Did you add your user as a user in IPA? You can always try getting a
ticket as the admin user for testing (kinit admin).
So anyway I attempt to follow the instruction in the web browser window
(as above) and keep getting the same thing when I restart Firefox.
So what next?
regards
Steven
Thanks for the feedback.
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
