On Mon, Mar 19, 2012 at 9:31 AM, Maciej Sawicki
<maciej.sawi...@polidea.pl> wrote:
> Hi,
> Today I setup free ipa on CentOS release 6.2. I configured my client
> machine, that is:
> 1. I edited my "/Library/Preferences/edu.mit.Kerberos" file so it has
> following content:
> [domain_realm]
>    polidea.pl = POLIDEA.PL
>    .polidea.pl = .POLIDEA.PL
> [libdefaults]
>    default_realm = POLIDEA.PL
>    dns_lookup_realm = true
>    dns_lookup_kdc = true
>    ticket_lifetime = 24h
>    forwardable = yes
> [realms]
>    POLIDEA.PL = {
>    admin_server = free-ipa.polidea.pl:749
>    default_domain = polidea.pl
>    kdc = free-ipa.polidea.pl:88
>    }
>
> [logging]
>    kdc = FILE:/var/log/krb5kdc/kdc.log
>    admin_server = FILE:/var/log/krb5kdc/kadmin.log
> I
>
> I run open /System/Library/Coreservices/Ticket\ Viewer.app and added
> ad...@polidea.pl identity (i get ticket so password is valid)
>
> also i configured my firefox like in this link:
> http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
>
> Unfortunately when I try to login I get following error:
> "Your kerberos ticket is no longer valid. Please run kinit and then
> click 'Retry'. If this is your first time running the IPA Web UI
> follow these directions to configure your browser."
>
> my /var/log/krb5kdc/kadmin.log has only few old entries (0 today's
> entries from today).
>
> I will appreciate any help.

I just edited /etc/krb5.conf on my mac and then kinit from command
line and you should see ticket in the Ticket Viewer app. From there,
you should be able to renew the ticket inside the app or from command
line. I did not touch the /Library/Preferences/edu.mit.Kerberos file
at all.

Steve

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to