Hello Rob,

Yes, I did the configuration earlier today. And I did kinit too.
It seems the web UI loads really slowly - the circular thing can turn for 
minutes. So maybe I wasn't patient enough to let the page load.

I can ssh to the server and the client from my home, so I don't think there's 
another firewall blocking the connection.


> From: Rob Crittenden <rcrit...@redhat.com>
>To: george he <george_...@yahoo.com> 
>Cc: Petr Viktorin <pvikt...@redhat.com>; "freeipa-users@redhat.com" 
>Sent: Monday, June 18, 2012 11:51 AM
>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
>george he wrote:
>> Hello all,
>> Here is some other information.
>> I'm setting this up for a lab in a university. The university has its
>> own kerberos server (and DNS server, which I use).
>> I'm not sure whether anybody has set a kerberos server for the
>> department, or some other labs used the department sub-domain.
>> But I'm sure the realm name is unique.
>> When I open the web UI on the server (firefox 13.0), I almost always get
>> this error:
>> Your Kerberos ticket is no longer valid. Please run kinit and then click
>> 'Retry'. If this is your first time running the IPA Web UI follow these
>> directions <https://cns2.psych.yale.edu/ipa/config/unauthorized.html> to
>> configure your browser.
>> Or you can use form-based authentication
>> <https://cns2.psych.yale.edu/ipa/ui/#>.
>> but I can use the form based authentication sometimes, not always.
>You need to configure the browser to do Kerberos single sign-on. There should 
>be a link in the failure message to take you to a page to help you configure 
>this. You also need to have done a kinit.
>I'm not sure why forms-based auth work work only sometimes, additional details 
>would be needed.
>I'm not sure why the server would be pingable from your client but HTTP 
>doesn't work. There may be another firewall blocking the packets on your 
Freeipa-users mailing list

Reply via email to