"[email protected]" <[email protected]> skrev:
Send Freeipa-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/freeipa-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeipa-users digest..."
Today's Topics:
1. Help regarding Basic FreeIPA setup (Chandan Kumar)
2. Problem Active Directory Synchronisation:
ipawinsyncuserflatten false (Adrien Rami)
----------------------------------------------------------------------
Message: 1
Date: Tue, 15 May 2012 07:35:39 -0700
From: Chandan Kumar <[email protected]>
To: Steven Jones <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: [Freeipa-users] Help regarding Basic FreeIPA setup
Message-ID:
<CAD=ckma+x48sjqqabo7slr++0fqs9wscohow5h+xeaqrzjs...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
I am running the default Firefox that comes with centos 6.2 . I guess that
Whatever time I do kinit it just does not working for me even for single
time.
Also it shows as that I am logged in as [email protected].... In the main
back ground web page. Not sure whether it's relevant with this error.
On Monday, 14 May 2012, Steven Jones wrote:
> Hi,
>
>
>
> I have run it on Macosx and RHEL6.2, firefox and chrome, safari wont
> connect but thats a safari issue Im sure.
>
>
>
> After running "kinit admin" I find the kerberos ticket expires about 24
> hours later so you have to renew? What you can do if it simply wont
> work is get IPA to fall back to asking for a password, which is what I have
> had to set for Windows 7 firefox users.
>
>
>
> It might depend on which version of firefox, 3 and 10 do work......I think
> RH say firefox 10 is the long term supported version for them so I'd run
> that at least.
>
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
> ------------------------------
> *From:* [email protected] [[email protected]]
> on behalf of Chandan Kumar [[email protected]]
> *Sent:* Tuesday, 15 May 2012 9:25 a.m.
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: [Freeipa-users] Help regarding Basic FreeIPA setup
>
>
> System: Centos 6.2
> IPA version : ipa-server-2.1.3-9.el6.x86_64
>
>
> Thanks
> Chandan
>
>
>
>
>
> On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <[email protected]> wrote:
>
>> **
>> On 05/14/2012 05:09 PM, Chandan Kumar wrote:
>>
>> I am a newbie in IPA and was experimenting it on my couple of VMs before
>> considering it for production level.
>>
>> Installation went fine, however, I am getting the kerberos key expiration
>> error at firefox. I am running firefox on the same machine where I have
>> installed/configured ipa-server. On googling and some help in IRC I checked
>> documentation to trouble shoot it as this appear to be a known problem.
>>
>> Moreover, I did follow
>>
>> http://freeipa.org/page/InstallAndDeploy
>> http://freeipa.org/page/TroubleshootingGuide
>>
>> Fire fox logs
>>
>> 1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
>> [rv=80004005]
>> -1977841888[7fc789f5b040]: using REQ_DELEGATE
>> -1977841888[7fc789f5b040]: service = ipaserver.example.com
>> -1977841888[7fc789f5b040]: using negotiate-gss
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
>> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
>> [challenge=Negotiate]
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
>> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS
>> failure. Minor code may provide more information
>> SPNEGO cannot find mechanisms to negotiate
>> -1977841888[7fc789f5b040]: leaving nsAuthGSSAPI::GetNextToken
>> [rv=80004005]
>>
>> [root@ds var]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: [email protected]
>>
>> Valid starting Expires Service principal
>> 05/14/12 13:50:32 05/15/12 13:50:30 krbtgt/[email protected]
>> 05/14/12 13:53:58 05/15/12 13:50:30 HTTP/
>> [email protected]
>> 05/14/12 13:54:13 05/15/12 13:50:30 ldap/
>> [email protected]
>> [root@ds var]#
>>
>> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>>
>> at http://fpaste.org/9hXX/
>>
>> I am not sure what I am missing though. Appreciate any help.
>>
>> Thanks
>> Chandan
>>
>>
>>
>>
>> Are you running FF on windows?
>> Which version of IPA are you using?
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing
>> [email protected]https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
--
Sent from my iPad
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.redhat.com/archives/freeipa-users/attachments/20120515/c047ec25/attachment.html>
------------------------------
Message: 2
Date: Tue, 15 May 2012 17:46:15 +0200
From: Adrien Rami <[email protected]>
To: [email protected] <[email protected]>
Subject: [Freeipa-users] Problem Active Directory Synchronisation:
ipawinsyncuserflatten false
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
Hi all,
I introduce myself. I am Adrien Rami and I am Open Source developper.
I work on a project with FreeIPA and I try to sync an Active Directory with
FreeIPA, with the special case that I want to sync the Organisation Unit.
I set the ipawinsyncuserflatten on false but unfortunately it didn't work.
Is there a way to do this? If yes does someone do that and have some
information for me?
Best regards
Adrien Rami
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.redhat.com/archives/freeipa-users/attachments/20120515/278a9f84/attachment.html>
------------------------------
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
End of Freeipa-users Digest, Vol 46, Issue 57
*********************************************
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
