On Wed, Feb 27, 2013 at 11:52:42AM +0100, Petr Spacek wrote:
> On 27.2.2013 11:34, Jan-Frode Myklebust wrote:
> >
> >I have a similar problem getting a couple of RHEL 6.4 clients working
> >with a 6.3 server (ipa-server-2.2.0-17.el6_3.1.x86_64). When doing the
> >ipa-client-install I get:
> >
> >     * gss_init_sec_context() failed: : Request is a replay< 
> > WWW-Authenticate: Negotiate
> This is very suspicious. Could you double check time on all servers
> and the client?

The cause of this problem was that the router ACL was dropping the
kerberos return traffic from the ipa server. We had opening from client
to ipa-server port 88/udp, but not from ipa-server 88/udp to client high
port.



  -jf

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to