Hello all,

Here is some other information.

I'm setting this up for a lab in a university. The university has its own 
kerberos server (and DNS server, which I use). 

I'm not sure whether anybody has set a kerberos server for the department, or 
some other labs used the department sub-domain.
But I'm sure the realm name is unique.

When I open the web UI on the server (firefox 13.0), I almost always get this 
error:
Your Kerberos ticket is no longer valid. Please run kinit and 
then click 'Retry'. If this is your first time running the IPA Web UI follow 
these directions to configure your browser.
Or you can use form-based authentication.
but I can use the form based authentication sometimes, not always.

Thanks,
George



>________________________________
> From: Petr Viktorin <pvikt...@redhat.com>
>To: george he <george_...@yahoo.com> 
>Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com> 
>Sent: Monday, June 18, 2012 10:47 AM
>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
> 
>Hi,
>If you run the wget manually (downloading to an existing directory 
>instead of /tmp/tmpjibrhe), do you get the same error?
>
>Can you connect to the web UI from the client?
>
>
>On 06/18/2012 04:12 PM, george he wrote:
>> Hello Petr,
>> I can ping or ssh to myserver with no problem.
>> btw, here are the ports I opened:
>> iptables -A INPUT -p tcp --dport 80 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 443 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 389 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 636 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 88 -j ACCEPT
>> iptables -A INPUT -p udp --dport 88 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 464 -j ACCEPT
>> iptables -A INPUT -p udp --dport 464 -j ACCEPT
>> iptables -A INPUT -p tcp --dport 53 -j ACCEPT
>> iptables -A INPUT -p udp --dport 53 -j ACCEPT
>> iptables -A INPUT -p udp --dport 123 -j ACCEPT
>> Thanks,
>> George
>>
>>     ------------------------------------------------------------------------
>>     *From:* Petr Viktorin <pvikt...@redhat.com>
>>     *To:* "freeipa-users@redhat.com" <freeipa-users@redhat.com>
>>     *Cc:* george he <george_...@yahoo.com>
>>     *Sent:* Monday, June 18, 2012 10:06 AM
>>     *Subject:* Re: [Freeipa-users] is not an IPA v2 Server.
>>
>>     On 06/18/2012 03:44 PM, george he wrote:
>>      > Hello all,
>>      >
>>      > here is the error message from /var/log/ipaclient-install.log on the
>>      > client machine:
>>      >
>>      > Connecting to myserver|myserver ip|:80... failed: No route to host.
>>      > Retrieving CA from myserver failed.
>>      > Command '/usr/bin/wget -O /tmp/tmpjibrhe/ca.crt -T 15 -t 2
>>      > http://myserver/ipa/config/ca.crt'
>>     <http://myserver/ipa/config/ca.crt%27> returned non-zero exit status 4
>>
>>     Seems like a routing issue. Can you ping myserver from the client
>>     machine?
>>
>>
>>      > but httpd seems running on myserver and port 80 is open.
>>      > # systemctl status httpd.service
>>      > httpd.service - The Apache HTTP Server (prefork MPM)
>>      > Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
>>      > Active: active (running) since Sun, 17 Jun 2012 11:17:07 -0400;
>>     22h ago
>>      > Process: 16225 ExecStop=/usr/sbin/httpd $OPTIONS -k stop
>>     (code=exited,
>>      > status=0/SUCCESS)
>>      > Process: 16230 ExecStart=/usr/sbin/httpd $OPTIONS -k start
>>     (code=exited,
>>      > status=0/SUCCESS)
>>      > Main PID: 16233 (httpd)
>>      > CGroup: name=systemd:/system/httpd.service
>>      > ├ 16231 /usr/sbin/nss_pcache 1212421 off /etc/httpd/alias
>>      > ├ 16233 /usr/sbin/httpd -k start
>>      > ├ 16236 /usr/sbin/httpd -k start
>>      > ├ 16237 /usr/sbin/httpd -k start
>>      > ├ 16238 /usr/sbin/httpd -k start
>>      > ├ 16239 /usr/sbin/httpd -k start
>>      > ├ 16240 /usr/sbin/httpd -k start
>>      > ├ 16241 /usr/sbin/httpd -k start
>>      > ├ 16242 /usr/sbin/httpd -k start
>>      > ├ 16243 /usr/sbin/httpd -k start
>>      > ├ 16244 /usr/sbin/httpd -k start
>>      > └ 16245 /usr/sbin/httpd -k start
>>      > I have been working on this for days to set this thing up. Any
>>     help will
>>      > be very appreciated.
>>      > George
>>      >
>>      >
>>     ------------------------------------------------------------------------
>>      > *From:* george he <george_...@yahoo.com
>>     <mailto:george_...@yahoo.com>>
>>      > *To:* "freeipa-users@redhat.com
>>     <mailto:freeipa-users@redhat.com>" <freeipa-users@redhat.com
>>     <mailto:freeipa-users@redhat.com>>
>>      > *Sent:* Saturday, June 16, 2012 4:02 PM
>>      > *Subject:* is not an IPA v2 Server.
>>      >
>>      > Hello all,
>>      >
>>      > I'm trying to install freeipa for a small lab with <10 computers,
>>      > all running fedora 17.
>>      > I seemed to have installed ipa server (without DNS) successfully,
>>      >
>>      > # ipactl status
>>      > Directory Service: RUNNING
>>      > KDC Service: RUNNING
>>      > KPASSWD Service: RUNNING
>>      > MEMCACHE Service: RUNNING
>>      > HTTP Service: RUNNING
>>      > CA Service: RUNNING
>>      >
>>      > but when I try to run ipa-client-install on a client machine, I get
>>      > this error message:
>>      >
>>      > <server.my.edu <http://server.my.edu/> <http://server.my.edu/>>
>>     is not an IPA v2 Server.
>>      > Installation failed. Rolling back changes.
>>      > IPA client is not configured on this system.
>>      >
>>      > what am I missing?
>>      > ps, I'm following the instructions here:
>>      >
>>    
>>https://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
>>      > Thanks,
>>      > George
>>      >
>>      >
>>      >
>>      >
>>      >
>>      > _______________________________________________
>>      > Freeipa-users mailing list
>>      > Freeipa-users@redhat.com <mailto:Freeipa-users@redhat.com>
>>      > https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>     --
>>     Petr³
>>
>>
>
>
>-- 
>Petr³
>
>
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to