Hello Martin,

Thanks, that does help, I didn't know about this project. I will try this approach first. Seems like it will be better integrated with FreeIPA and in general more maintainable than PWM.

On 21 April 2016 at 09:59, Martin Kosek <[email protected]> wrote:

> On 04/20/2016 05:23 PM, Tiemen Ruiten wrote:
> > Hello,
> >
> > I'm trying to set up a self-service page for a new IPA domain and I'm trying to
> > use PWM for that.
> >
> > When I try to bind to FreeIPA from within PWM, with the configured "LDAP Proxy
> > User", I get the following error:
> >
> > error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636': unable to create connection: unable to bind to ldaps://polonium.ipa.rdmedia.com:636 as cn=svcpwmproxy,cn=groups,cn=accounts,dc=ipa,dc=rdmedia,dc=com reason: [LDAP: error code 48 - Inappropriate Authentication]
> >
> > In /var/log/krb5kdc.log I see:
> >
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: NEEDED_PREAUTH: host/[email protected] for krbtgt/[email protected], Additional pre-authentication required
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for krbtgt/[email protected]
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) 192.168.50.33: ISSUE: authtime 1461165149, etypes {rep=18 tkt=18 ses=18}, host/[email protected] for ldap/[email protected]
> > Apr 20 17:12:29 polonium.ipa.rdmedia.com krb5kdc[25760](info): closing down fd 12
> >
> > What is going on? What can I do to debug this more?
> >
> >
> > --
> > Tiemen Ruiten
> > Systems Engineer
> > R&D Media
>
> Hello Tiemen,
>
> Just for the record, in FreeIPA we have been also working on our own version of
> the Community Portal that could be useful for the registration and is already
> well integrated with FreeIPA:
>
> https://github.com/freeipa/freeipa-community-portal
> http://freeipa-community-portal.readthedocs.org/en/latest/
>
> CCing Christian who currently owns the project.
>
> HTH,
> Martin
>

--
Tiemen Ruiten
Systems Engineer
R&D Media

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
