Hello Tevfik,

comments inline

On 11.9.2014 12:24, Tevfik Ceydeliler wrote:

Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those
command:

# scp /etc/krb5.conf r...@externalmachine.example.com:/etc/krb5_ipa.conf
and

I assume that you want to configure the machine without enrolling it as FreeIPA client. If not, I would suggest you enrolling it as a client using ipa-client-install. Then you don't have to do anything else except browser config.

Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf


vim /etc/httpd/conf.d/ipa.conf

and change this:

KrbMethodK5Passwd off  --> to --> KrbMethodK5Passwd on

FreeIPA's Web UI support forms-based auth so this is not usually needed.


and restart httpd.

Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf

Now when I try to open Web UI I get An popup error:
"Service Unavailable"

run:

    ipactl status
or
    systemctl status httpd.service

or inspect

   /var/log/httpd/error_log

to find out if web server is running - might not be the case because of invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should be in the log


Have you any idea?

--
Petr Vobornik

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to