On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On a RHEL 6.5 environment the IPA command line tools are failing me
with the following:

ipa ping
ipa: ERROR: cannot connect to Gettext('any of the configured servers',
domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml,
https://ipa2.foo.com/ipa/xml

As well web access is failing to allow me to log in, either with
kerberos tickets or via the login prompt, from the apache logs:
[Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized:
Insufficient access: SASL(-1): generic failure: GSSAPI Error:
Unspecified GSS failure.  Minor code may provide more information
(Server ldap/localh...@abaqis.com not found in Kerberos database)

I guess that something is wrong with host name resolution. You should not see names like ldap/localhost. The correct name is ldap/<fqdn>.

The problem could be similar to one described here:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase

Please double-check /etc/hosts, hostname and records in DNS.

--
Petr^2 Spacek

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to