Nathan Lager wrote:
Hash: SHA1

On 04/20/2012 02:26 PM, Rob Crittenden wrote:
Have you configured the browser for Kerberos?

That error seems to indicate that the domain isn't defined in



I've been through the clicky-clicky that ipa's web gui sends you
through (accepting the certs, and configuring the browser), a number
of times.  I just confirmed the trusted uri's and delegation uris.
They are both correct, they look like:

I even tried resetting delegation-uris, and trusted-uri's to the
default, and then allowing the ipa web gui to re-configure them, it
hasnt helped.

Thanks for the response.  Sorry for the delay in mine.

Hmm, that is very strange. The code in question in Firefox looks like:

        bool allowed = TestPref(uri, kNegotiateAuthTrustedURIs);
        if (!allowed) {
            LOG(("nsHttpNegotiateAuth::ChallengeReceived URI blocked\n"));
            return NS_ERROR_ABORT;

which seems to be the error you are seeing. It's a shame there isn't more logging around the uris.

I see that you had enabled debug logging on the Apache side. Can you provide some more context on the failed request?



Freeipa-users mailing list

Reply via email to