On Tue, 2014-07-08 at 08:59 +0200, Petr Spacek wrote:
> On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On a RHEL 6.5 environment the IPA command line tools are failing me
> > with the following:
> >
> > ipa ping
> > ipa: ERROR: cannot connect to Gettext('any of the configured servers',
> > domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml,
> > https://ipa2.foo.com/ipa/xml
> >
> > As well web access is failing to allow me to log in, either with
> > kerberos tickets or via the login prompt, from the apache logs:
> > [Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized:
> > Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> > Unspecified GSS failure. Minor code may provide more information
> > (Server ldap/localh...@abaqis.com not found in Kerberos database)
>
> I guess that something is wrong with host name resolution. You should not see
> names like ldap/localhost. The correct name is ldap/<fqdn>.

Usually the problem is having something like this in /etc/hosts:

127.0.0.1 localhost my.real.domain.name

Do not put your real name on the same line as localhost or you'll get
back "localhost" as the "canonical" name and nothing will work.

> The problem could be similar to one described here:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase
>
> Please double-check /etc/hosts, hostname and records in DNS.
>
> --
> Petr^2 Spacek
>

--
Simo Sorce * Red Hat, Inc * New York
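The /etc/hosts mistake described in this reply can be checked mechanically. The following is an added example, not code from the thread or from FreeIPA; the function names, the finding labels, the sample file contents and the 192.0.2.10 address are constructed for illustration. It relies on the hosts file convention that the first name after the address is the canonical name.

```python
import ipaddress

# Constructed sample inputs (not taken from any system in the thread).
BAD_HOSTS = """\
127.0.0.1   localhost my.real.domain.name
::1         localhost6
"""
GOOD_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
192.0.2.10  my.real.domain.name my   # FQDN first, short alias after
"""

# Names that are expected on a loopback line.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "localhost4",
               "localhost4.localdomain4", "localhost6",
               "localhost6.localdomain6"}


def parse_hosts(text):
    """Yield (lineno, address, [names]) per entry; comments are ignored."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            continue  # not an address line, skip it
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]


def check_hosts(text, fqdn):
    """Return (lineno, kind, detail) findings for the given host FQDN."""
    fqdn = fqdn.lower().rstrip(".")
    findings = []
    for lineno, addr, names in parse_hosts(text):
        extra = [n for n in names if n not in LOCAL_NAMES]
        if addr.is_loopback and extra:
            # A real name shares the loopback line, so lookups of it
            # canonicalize to the first name on that line.
            findings.append((lineno, "loopback-has-real-name", ", ".join(extra)))
        if fqdn in names and names[0] != fqdn:
            # The canonical name for this entry is not the FQDN, so a
            # service principal built from it will not be ldap/<fqdn>.
            findings.append((lineno, "fqdn-not-canonical", names[0]))
    return findings


if __name__ == "__main__":
    for finding in check_hosts(BAD_HOSTS, "my.real.domain.name"):
        print(finding)
```

To check a live host, pass the contents of /etc/hosts and the FQDN the server is supposed to have, rather than the name the host currently reports for itself.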