On 03/06/2015 09:26 AM, Dan Mossor wrote:
On Fri, Mar 6, 2015 at 1:28 AM, Martin Kosek <mko...@redhat.com <mailto:mko...@redhat.com>> wrote:


    On 03/06/2015 02:38 AM, Dan Mossor wrote:



        On Thu, Mar 5, 2015 at 7:21 PM, Dmitri Pal <d...@redhat.com
        <mailto:d...@redhat.com>
        <mailto:d...@redhat.com <mailto:d...@redhat.com>>> wrote:

        http://i.imgur.com/mhX86Ng.png

            It should show up if you do not have a ticket. Destroy the
        ticket on the
            client and try  to access the server via browser, you
        should be redirected.

            --
            Thank you,
            Dmitri Pal

            Sr. Engineering Manager IdM portfolio
            Red Hat, Inc.

        Ok then, that is the page that keeps returning. I've tried
        from this
        workstation using Konquerer, which does not support Kerberos,
        I've from from
        Internet Explorer on a Windows 7 Professional desktop, and
        I've tried from a
        Fedora 21 system that is not enrolled in the domain. I get the
        exact same
        response with every attempt.

        One additional step I attempted to take was to change the
        admin password on the
        IPA server. I am getting a ldap_sasl_interactive_bind_s:
        Unknown authentication
        method (-6) error back.

        I think this installation is hosed. I am ready to wipe and
        start over from
        scratch tomorrow. I've already wasted 16 hours on it.


    Sorry to hear that. But I think you should start taking gradual
    steps in your testing and trying to make Web UI over GSSAPI work.
    I would suggest this procedure:

    1) Can I "kinit admin" and run CLI command ("ipa user-show
    admin")? If yes, basic FreeIPA is functioning. Run kdestroy to get
    rid of Kerberos.

    2) Can I login with form basic auth to my FreeIPA? If not, did you
    verify all the items in
    http://www.freeipa.org/page/Troubleshooting#Cannot_authenticate_to_Web_UI
    ? Did you try logging with form based auth in FreeIPA public demo
    for example (user "admin", password "Secret123"):

    https://ipa.demo1.freeipa.org/ipa/ui/

    If not, we can dig further. If yes, you can continue with kinit +
    SSO for the Web UI.

Martin, Dmitri,

Thanks for your help, but I've taken every step available on the page you linked. I just checked this morning before I started over, and on the server I can kinit as admin and run ipa user-show admin. The ipa tools are not on my workstation. I then ran kdestroy on both the server and workstation, and the error remains when logging in to the web UI - it returns me to the screen I showed above in the link to the screenshot.

Regards,
Dan

From your workstation can you use the demo instance https://ipa.demo1.freeipa.org/ipa/ui/ or it returns the same error?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to