On Tue, 2014-07-08 at 08:59 +0200, Petr Spacek wrote:
> On 7.7.2014 20:21, Erinn Looney-Triggs wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On a RHEL 6.5 environment the IPA command line tools are failing me
> > with the following:
> >
> > ipa ping
> > ipa: ERROR: cannot connect to Gettext('any of the configured servers',
> > domain='ipa', localedir=None): https://ipa.foo.com/ipa/xml,
> > https://ipa2.foo.com/ipa/xml
> >
> > As well web access is failing to allow me to log in, either with
> > kerberos tickets or via the login prompt, from the apache logs:
> > [Mon Jul 07 18:15:29 2014] [error] ipa: INFO: 401 Unauthorized:
> > Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> > Unspecified GSS failure.  Minor code may provide more information
> > (Server ldap/localh...@abaqis.com not found in Kerberos database)
> 
> I guess that something is wrong with host name resolution. You should not see 
> names like ldap/localhost. The correct name is ldap/<fqdn>.

Usually the problem is having somthing like this in /etc/hosts:

127.0.0.1 localhost my.real.domain.name

Do not put your real name on the same line as localhost or you'll get
back "localhost" as the "canonical" name and nothing will work.

> The problem could be similar to one described here:
> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a2.Serverldapsrv01EXAMPLE.COMnotfoundinKerberosdatabase
> 
> Please double-check /etc/hosts, hostname and records in DNS.
> 
> -- 
> Petr^2 Spacek
> 


-- 
Simo Sorce * Red Hat, Inc * New York

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to