Hello, I'm trying to set up a self-service page for a new IPA domain and I'm trying to use PWM for that.
When I try to bind to FreeIPA from within PWM, with the configured "LDAP Proxy User", I get the following error: error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636': unable to create connection: unable to bind to ldaps:// polonium.ipa.rdmedia.com:636 as cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason: [LDAP: error code 48 - Inappropriate Authentication] In /var/log/krb5kdc.log I see: Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: NEEDED_PREAUTH: host/ protactinium.ipa.rdmedia....@ipa.rdmedia.com for krbtgt/ ipa.rdmedia....@ipa.rdmedia.com, Additional pre-authentication required Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12 Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/ protactinium.ipa.rdmedia....@ipa.rdmedia.com for krbtgt/ ipa.rdmedia....@ipa.rdmedia.com Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12 Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/ protactinium.ipa.rdmedia....@ipa.rdmedia.com for ldap/ polonium.ipa.rdmedia....@ipa.rdmedia.com Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12 What is going on? What can I do to debug this more? -- Tiemen Ruiten Systems Engineer R&D Media
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project