On Fri, 2015-02-20 at 11:44 +0100, Gianluca Cecchi wrote:
> On Fri, Feb 20, 2015 at 10:53 AM, Petr Vobornik <pvobo...@redhat.com> wrote:
> > On 02/20/2015 09:44 AM, Martin Kosek wrote:
> >> On 02/20/2015 02:00 AM, Dan Mossor wrote:
> >>> I just installed a new server on Fedora 21 Server, using the rolekit
> >>> deployment
> >>> tool. Everything was installed and configured (I hope) properly, but I'm
> >>> running into a problem. The version is
> >>> freeipa-server-4.1.2-1.fc21.x86_64, and
> >>> I can connect to the WebUI only after a restart of ipa.service.
> I actually have quite similar problems in CentOS 7 too,
> with ipa-server-3.3.3-28.0.1.el7.centos.3.x86_64 and related packages
> SO the same behavior that if I restart ipa service I'm able to connect
> (thanks btw, I didn't realize that, having big problems using the WebUI)
> and that my errors are of this type
> [Fri Feb 20 10:32:15.850834 2015] [auth_kerb:error] [pid 2029] [client
> 192.168.1.128:50147] gss_accept_sec_context() failed: An unsupported
> mechanism was requested (, Unknown error), referer:
> [Fri Feb 20 10:32:22.670791 2015] [auth_kerb:error] [pid 15793] [client
> 192.168.1.128:50150] krb5_get_init_creds_password() failed: Decrypt
> integrity check failed, referer: https://c7server.localdomain.local/ipa/ui/
> This happens both from an external browser (I enabled form authentication)
> and from a firefox session launched from the ipa server itself after
> configuring it for kerberos.
> I don't want to mess with this thread so let me know if I have to open a
> dedicated thread specifying for example CentOS 7 or you think it is ok to
> get in here... so that I paste here other relevant info.
This is a completely different problem, it just means you do not have
appropriate tickets in your browser, which then probably prroceeds
trying to use the IAKERB mechanism, and fails.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project