On 03/06/2015 09:26 AM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <[email protected]
<mailto:[email protected]>> wrote:
On 03/06/2015 02:38 AM, Dan Mossor wrote:
On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <[email protected]
<mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>> wrote:
http://i.imgur.com/mhX86Ng.png
It should show up if you do not have a ticket. Destroy the
ticket on the
client and try to access the server via browser, you
should be redirected.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Ok then, that is the page that keeps returning. I've tried
from this
workstation using Konquerer, which does not support Kerberos,
I've from from
Internet Explorer on a Windows 7 Professional desktop, and
I've tried from a
Fedora 21 system that is not enrolled in the domain. I get the
exact same
response with every attempt.
One additional step I attempted to take was to change the
admin password on the
IPA server. I am getting a ldap_sasl_interactive_bind_s:
Unknown authentication
method (-6) error back.
I think this installation is hosed. I am ready to wipe and
start over from
scratch tomorrow. I've already wasted 16 hours on it.
Sorry to hear that. But I think you should start taking gradual
steps in your testing and trying to make Web UI over GSSAPI work.
I would suggest this procedure:
1) Can I "kinit admin" and run CLI command ("ipa user-show
admin")? If yes, basic FreeIPA is functioning. Run kdestroy to get
rid of Kerberos.
2) Can I login with form basic auth to my FreeIPA? If not, did you
verify all the items in
http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
? Did you try logging with form based auth in FreeIPA public demo
for example (user "admin", password "Secret123"):
https://ipa.demo1.freeipa.org/ipa/ui/
If not, we can dig further. If yes, you can continue with kinit +
SSO for the Web UI.
Martin, Dmitri,
Thanks for your help, but I've taken every step available on the page
you linked. I just checked this morning before I started over, and on
the server I can kinit as admin and run ipa user-show admin. The ipa
tools are not on my workstation. I then ran kdestroy on both the
server and workstation, and the error remains when logging in to the
web UI - it returns me to the screen I showed above in the link to the
screenshot.
Regards,
Dan
From your workstation can you use the demo instance
https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same error?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
