On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <mko...@redhat.com> wrote:

> On 03/06/2015 02:38 AM, Dan Mossor wrote:
>
>>
>>
>> On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <d...@redhat.com
>> <mailto:d...@redhat.com>> wrote:
>>
>>     http://i.imgur.com/mhX86Ng.png
>>
>>     It should show up if you do not have a ticket. Destroy the ticket on
>> the
>>     client and try  to access the server via browser, you should be
>> redirected.
>>
>>     --
>>     Thank you,
>>     Dmitri Pal
>>
>>     Sr. Engineering Manager IdM portfolio
>>     Red Hat, Inc.
>>
>> Ok then, that is the page that keeps returning. I've tried from this
>> workstation using Konquerer, which does not support Kerberos, I've from
>> from
>> Internet Explorer on a Windows 7 Professional desktop, and I've tried
>> from a
>> Fedora 21 system that is not enrolled in the domain. I get the exact same
>> response with every attempt.
>>
>> One additional step I attempted to take was to change the admin password
>> on the
>> IPA server. I am getting a ldap_sasl_interactive_bind_s: Unknown
>> authentication
>> method (-6) error back.
>>
>> I think this installation is hosed. I am ready to wipe and start over from
>> scratch tomorrow. I've already wasted 16 hours on it.
>>
>
> Sorry to hear that. But I think you should start taking gradual steps in
> your testing and trying to make Web UI over GSSAPI work. I would suggest
> this procedure:
>
> 1) Can I "kinit admin" and run CLI command ("ipa user-show admin")? If
> yes, basic FreeIPA is functioning. Run kdestroy to get rid of Kerberos.
>
> 2) Can I login with form basic auth to my FreeIPA? If not, did you verify
> all the items in http://www.freeipa.org/page/Troubleshooting#Cannot_
> authenticate_to_Web_UI ? Did you try logging with form based auth in
> FreeIPA public demo for example (user "admin", password "Secret123"):
>
> https://ipa.demo1.freeipa.org/ipa/ui/
>
> If not, we can dig further. If yes, you can continue with kinit + SSO for
> the Web UI.
>
Martin, Dmitri,

Thanks for your help, but I've taken every step available on the page you
linked. I just checked this morning before I started over, and on the
server I can kinit as admin and run ipa user-show admin. The ipa tools are
not on my workstation. I then ran kdestroy on both the server and
workstation, and the error remains when logging in to the web UI - it
returns me to the screen I showed above in the link to the screenshot.

Regards,
Dan
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to