On 03/06/2015 02:38 AM, Dan Mossor wrote:

On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <d...@redhat.com
<mailto:d...@redhat.com>> wrote:


    It should show up if you do not have a ticket. Destroy the ticket on the
    client and try  to access the server via browser, you should be redirected.

    Thank you,
    Dmitri Pal

    Sr. Engineering Manager IdM portfolio
    Red Hat, Inc.

Ok then, that is the page that keeps returning. I've tried from this
workstation using Konquerer, which does not support Kerberos, I've from from
Internet Explorer on a Windows 7 Professional desktop, and I've tried from a
Fedora 21 system that is not enrolled in the domain. I get the exact same
response with every attempt.

One additional step I attempted to take was to change the admin password on the
IPA server. I am getting a ldap_sasl_interactive_bind_s: Unknown authentication
method (-6) error back.

I think this installation is hosed. I am ready to wipe and start over from
scratch tomorrow. I've already wasted 16 hours on it.

Sorry to hear that. But I think you should start taking gradual steps in your testing and trying to make Web UI over GSSAPI work. I would suggest this procedure:

1) Can I "kinit admin" and run CLI command ("ipa user-show admin")? If yes, basic FreeIPA is functioning. Run kdestroy to get rid of Kerberos.

2) Can I login with form basic auth to my FreeIPA? If not, did you verify all the items in http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI ? Did you try logging with form based auth in FreeIPA public demo for example (user "admin", password "Secret123"):


If not, we can dig further. If yes, you can continue with kinit + SSO for the Web UI.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to