Steven Jones wrote:
Hi,

I have installed free-ipa on fedora 12...

Install documentation

Some issues...."3.2 To test your IPA installation",

3. Item should read "/usr/sbin/ipa-finduser admin" and not "/usr/bin/ipa user-find admin"

The command-line changed between 1.2 and 2.0. If you are using 1.2 (the default in Fedora 12) then the command is ipa-finduser. If you are running 2.0 (or more precisely one of the alphas named 1.9) then the command is ipa user-find.

You can determine the version you have with: rpm -q ipa-server


Admin documentation

1.1.1.1

"Using the Web Interface",

There is no explanation of how to do get to the user homepage....

I tried https://localhost:443

and I get a "Kerberos Authentication failed".....there is no workable documentation / indication on how to fix this....

http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/sect-Installation_and_Deployment_Guide-Setting_up_the_IPA_Server-Configuring_Your_Browser.html

In short, you need to configure your browser to do kerberos authentication, trust the IPA root CA and you need a kerberos ticket in order to connect.

===============


    "Kerberos Authentication Failed

Unable to verify your Kerberos credentials. Please make sure that you have valid Kerberos tickets (obtainable via kinit), and that you have configured your browser correctly <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ssbrowser.html>. If you are still unable to access the IPA Web interface, please contact the helpdesk on for additional assistance.

Import the IPA Certificate Authority <https://vuwunicofedipa1.vuw.ac.nz/ipa/errors/ca.crt>.

You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.

You *must* reload this page after importing the Certificate Authority for the automatic settings to work

=============

So I run kinit as a local user and get told....

"kinit: Client not found in Kerberos database while getting initial credentials"

Did you add your user as a user in IPA? You can always try getting a ticket as the admin user for testing (kinit admin).

So anyway I attempt to follow the instruction in the web browser window (as above) and keep getting the same thing when I restart Firefox.

So what next?

regards

Steven

Thanks for the feedback.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to