forget to mention that the server is installed by following this
and the client has the same ports open as the server.

> From: george he <>
>To: Rob Crittenden <> 
>Cc: "" <> 
>Sent: Monday, June 18, 2012 1:41 PM
>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
>Hi Rob,
>I was just thinking it's very unlikely the university would block http 
>connections from inside, but not ssh from outside. but I'll contact our ITS 
>BTW, I am new to this LDAP and Kerberos thing, and I just followed the steps 
>outlined here 
>There may be some steps that are obvious to people know these things and they 
>are not listed in the document, then I could have missed them.
>> From: Rob Crittenden <>
>>To: george he <> 
>>Cc: Petr Viktorin <>; "" 
>>Sent: Monday, June 18, 2012 1:28 PM
>>Subject: Re: [Freeipa-users] is not an IPA v2 Server.
>>george he wrote:
>>> Hello Rob,
>>> Yes, I did the configuration earlier today. And I did kinit too.
>>> It seems the web UI loads really slowly - the circular thing can turn
>>> for minutes. So maybe I wasn't patient enough to let the page load.
>>A fair bit of javascript is loaded the very first time you visit IPA, 
>>that can be slow. Otherwise it should be relatively quick. Not minutes 
>>> I can ssh to the server and the client from my home, so I don't think
>>> there's another firewall blocking the connection.
>>Different ports and that isn't the client talking to the server, it is 
>>you talking to the client and to the server. This is definitely some 
>>sort of networking problem, though "no route to host" is rather odd 
>>since you can ping. You might also look at the iptables configuration on 
>>the client.
>>> Thanks,
>>> George
>>>     *From:* Rob Crittenden <>
>>>     *To:* george he <>
>>>     *Cc:* Petr Viktorin <>;
>>>     "" <>
>>>     *Sent:* Monday, June 18, 2012 11:51 AM
>>>     *Subject:* Re: [Freeipa-users] is not an IPA v2 Server.
>>>     george he
>>>      > Hello all,
>>>      >
>>>      > Here is some other information.
>>>      > I'm setting this up for a lab in a university. The university has its
>>>      > own kerberos server (and DNS server, which I use).
>>>      > I'm not sure whether anybody has set a kerberos server for the
>>>      > department, or some other labs used the department sub-domain.
>>>      > But I'm sure the realm name is unique.
>>>      >
>>>      > When I open the web UI on the server (firefox 13.0), I almost
>>>     always get
>>>      > this error:
>>>      > Your Kerberos ticket is no longer valid. Please run kinit and
>>>     then click
>>>      >
 'Retry'. If this is your first time running the IPA Web UI follow
>>>     these
>>>      > directions
>>>     <> to
>>>      > configure your browser.
>>>      > Or you can use form-based authentication
>>>      > <>.
>>>      > but I can use the form based authentication sometimes, not always.
>>>     You need to configure the browser to do Kerberos single sign-on.
>>>     There should be a link in the failure message to take you to a page
>>>     to help you configure this. You also need to have done a
>>>     I'm not sure why forms-based auth work work only sometimes,
>>>     additional details would be needed.
>>>     I'm not sure why the server would be pingable from your client but
>>>     HTTP doesn't work. There may be another firewall blocking the
>>>     packets on your network.
>>>     rob
>Freeipa-users mailing list
Freeipa-users mailing list

Reply via email to