On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
> On a RHEL 6.5 environment the IPA command line tools are failing me with the following:
>
> ipa ping
> ipa: ERROR: cannot connect to Gettext('any of the configured servers', domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml, https://ipa2.foo.com/ipa/xml
>
> As well web access is failing to allow me to log in, either with kerberos tickets or via the login prompt, from the apache logs:
>
> [Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/[email protected] not found in Kerberos database)

I guess that something is wrong with host name resolution. You should not see names like ldap/localhost. The correct name is ldap/<fqdn>.
The problem could be similar to one described here:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase

Please double-check /etc/hosts, hostname and records in DNS.

--
Petr^2 Spacek
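An added example, not part of the reply above or of FreeIPA itself: a Python check of /etc/hosts content for the entries that commonly make a server canonicalize to localhost or a short name instead of its FQDN, which is how a principal such as ldap/localhost ends up being requested. The sample file contents and the address 192.0.2.10 are constructed, and `check_hosts` is a hypothetical helper name.

```python
import ipaddress
import socket

def parse_hosts(text):
    """Yield (address, [names]) for each entry in /etc/hosts-style text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield fields[0], [n.lower() for n in fields[1:]]

def check_hosts(text, fqdn):
    """Return findings for entries that mention this host but would make it
    canonicalize to something other than its FQDN."""
    fqdn = fqdn.lower()
    short = fqdn.split(".", 1)[0]
    findings = []
    if "." not in fqdn:
        findings.append(f"host name {fqdn!r} is not fully qualified")
    for addr, names in parse_hosts(text):
        if fqdn not in names and short not in names:
            continue
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            findings.append(f"{addr}: not a valid IP address")
            continue
        if loopback:
            findings.append(f"{addr}: host name mapped to a loopback address")
        elif names[0] != fqdn:
            findings.append(f"{addr}: first name is {names[0]!r}, not the FQDN")
    return findings

# Constructed sample files (192.0.2.10 is a documentation address).
BAD_LOOPBACK = "127.0.0.1 localhost ipa.foo.com ipa\n::1 localhost\n"
BAD_ORDER = "127.0.0.1 localhost\n192.0.2.10 ipa ipa.foo.com  # short name first\n"
GOOD = "127.0.0.1 localhost localhost.localdomain\n192.0.2.10 ipa.foo.com ipa\n"

if __name__ == "__main__":
    for label, text in (("loopback", BAD_LOOPBACK), ("order", BAD_ORDER), ("good", GOOD)):
        print(label, check_hosts(text, "ipa.foo.com"))
    # On a real server, check the live file against the name the system reports.
    with open("/etc/hosts") as fh:
        print("live", check_hosts(fh.read(), socket.getfqdn()))
```

An empty result only clears /etc/hosts; the forward and reverse DNS records for the server still need to agree with the same FQDN.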
