On 04/20/2016 05:23 PM, Tiemen Ruiten wrote: > Hello, > > I'm trying to set up a self-service page for a new IPA domain and I'm trying > to > use PWM for that. > > When I try to bind to FreeIPA from within PWM, with the configured "LDAP > Proxy > User", I get the following error: > > error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636 > <http://polonium.ipa.rdmedia.com:636>': unable to create connection: unable > to > bind to ldaps://polonium.ipa.rdmedia.com:636 > <http://polonium.ipa.rdmedia.com:636> as > cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason: [LDAP: > error code 48 - Inappropriate Authentication] > > In /var/log/krb5kdc.log I see: > > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33 > <http://192.168.50.33>: NEEDED_PREAUTH: > host/protactinium.ipa.rdmedia....@ipa.rdmedia.com > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for > krbtgt/ipa.rdmedia....@ipa.rdmedia.com > <mailto:ipa.rdmedia....@ipa.rdmedia.com>, > Additional pre-authentication required > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): closing down fd 12 > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33 > <http://192.168.50.33>: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 > ses=18}, host/protactinium.ipa.rdmedia....@ipa.rdmedia.com > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for > krbtgt/ipa.rdmedia....@ipa.rdmedia.com > <mailto:ipa.rdmedia....@ipa.rdmedia.com> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): closing down fd 12 > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33 > <http://192.168.50.33>: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 > ses=18}, host/protactinium.ipa.rdmedia....@ipa.rdmedia.com > <mailto:protactinium.ipa.rdmedia....@ipa.rdmedia.com> for > ldap/polonium.ipa.rdmedia....@ipa.rdmedia.com > <mailto:polonium.ipa.rdmedia....@ipa.rdmedia.com> > Apr 20 17:12:29 polonium.ipa.rdmedia.com <http://polonium.ipa.rdmedia.com> > krb5kdc[25760](info): closing down fd 12 > > What is going on? What can I do to debug this more? > > > -- > Tiemen Ruiten > Systems Engineer > R&D Media
Hello Tiemen, Just for the record, in FreeIPA we have been also working on our own version of the Community Portal that could be useful for the registration and is already well integrated with FreeIPA: https://github.com/freeipa/freeipa-community-portal http://freeipa-community-portal.readthedocs.org/en/latest/ CCing Christian who currently owns the project. HTH, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
