Hello Tevfik,

comments inline

On 11.9.2014 12:24, Tevfik Ceydeliler wrote:

Hi all,
I tried to do single sign on for FreeIPa Web UI according to "4.3.3.
Configuring the Browser"
I did browser side and then turn back to server side. And run those

# scp /etc/krb5.conf r...@externalmachine.example.com:/etc/krb5_ipa.conf

I assume that you want to configure the machine without enrolling it as FreeIPA client. If not, I would suggest you enrolling it as a client using ipa-client-install. Then you don't have to do anything else except browser config.

Why /etc/krb5_ipa.conf ?, it should be /etc/krb5.conf

vim /etc/httpd/conf.d/ipa.conf

and change this:

KrbMethodK5Passwd off  --> to --> KrbMethodK5Passwd on

FreeIPA's Web UI support forms-based auth so this is not usually needed.

and restart httpd.

Then nothing change. And then I rollback vim /etc/httpd/conf.d/ipa.conf

Now when I try to open Web UI I get An popup error:
"Service Unavailable"


    ipactl status
    systemctl status httpd.service

or inspect


to find out if web server is running - might not be the case because of invalid modifications in /etc/httpd/conf.d/ipa.conf , reason should be in the log

Have you any idea?

Petr Vobornik

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to