roland.kae...@intersoft-networks.ch wrote:
Hello

I just installed freeipa on scientific linux 6.1. Installation worked
find so far but I cannot logon to the web interface.
Firefox is configured with the ca cert and single sign on settings.
Login as admin via ssh works fine and I get the valid
ticket.
But when I open the ipa web interface I get only: Your kerberos ticket
is no longer valid. Please run kinit and then click 'Retry'.

In the titlebar I see : "_Logged in as: *u...@freeipa.org*_**
<https://freeipa.intersoft-networks.ch/ipa/ui/#>"


This is a bit strange to me I cannot see where this error comes from.
Has someone a hint for me


Regards

Roland

On the server side you can increase debug output by setting LogLevel to debug in /etc/httpd/conf.d/nss.conf and restarting or you can troubleshoot it from the client side by looking at:

https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Troubleshooting-UI.html

One important factor is that you are going to the server that we created a web principal for. If your server has a CNAME, for example, you have to use the A record. We do a fair bit of redirecting using mod_rewrite to be sure you get to the right host but it isn't perfect.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to