[Freeipa-users] Firefox on OS X 10.6 problem
Hi,
Today I setup free ipa on CentOS release 6.2. I configured my client
machine, that is:
1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has
following content:
[domain_realm]
polidea.pl = POLIDEA.PL
.polidea.pl = .POLIDEA.PL
[libdefaults]
default_realm = POLIDEA.PL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
POLIDEA.PL = {
admin_server = free-ipa.polidea.pl:749
default_domain = polidea.pl
kdc = free-ipa.polidea.pl:88
}
[logging]
kdc = FILE:/var/log/krb5kdc/kdc.log
admin_server = FILE:/var/log/krb5kdc/kadmin.log
I
I run open /System/Library/Coreservices/Ticket\ Viewer.app and added
ad...@polidea.pl identity (i get ticket so password is valid)
also i configured my firefox like in this link:
http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
Unfortunately when I try to login I get following error:
Your kerberos ticket is no longer valid. Please run kinit and then
click 'Retry'. If this is your first time running the IPA Web UI
follow these directions to configure your browser.
my /var/log/krb5kdc/kadmin.log has only few old entries (0 today's
entries from today).
I will appreciate any help.
regards,
Maciek
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On 03/19/2012 12:31 PM, Maciej Sawicki wrote:
Hi,
Today I setup free ipa on CentOS release 6.2. I configured my client
machine, that is:
1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has
following content:
[domain_realm]
polidea.pl = POLIDEA.PL
.polidea.pl = .POLIDEA.PL
[libdefaults]
default_realm = POLIDEA.PL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
POLIDEA.PL = {
admin_server = free-ipa.polidea.pl:749
default_domain = polidea.pl
kdc = free-ipa.polidea.pl:88
}
[logging]
kdc = FILE:/var/log/krb5kdc/kdc.log
admin_server = FILE:/var/log/krb5kdc/kadmin.log
I
I run open /System/Library/Coreservices/Ticket\ Viewer.app and added
ad...@polidea.pl identity (i get ticket so password is valid)
also i configured my firefox like in this link:
http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
Unfortunately when I try to login I get following error:
Your kerberos ticket is no longer valid. Please run kinit and then
click 'Retry'. If this is your first time running the IPA Web UI
follow these directions to configure your browser.
my /var/log/krb5kdc/kadmin.log has only few old entries (0 today's
entries from today).
I will appreciate any help.
regards,
Maciek
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Have you done everything covered in the section 4.3.3 of the document?
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 5:38 PM, Dmitri Pal d...@redhat.com wrote: Have you done everything covered in the section 4.3.3 of the document? http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System Hi Dmitri, Thanks for quick answer. I did this, but still have the same problem :(. regards, Maciek Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
Sorry for double post, but I would like to provide firefox log: 1886907584[10031d220]: using REQ_DELEGATE 1886907584[10031d220]: service = free-ipa.polidea.pl 1886907584[10031d220]: using negotiate-gss 1886907584[10031d220]: entering nsAuthGSSAPI::nsAuthGSSAPI() 1886907584[10031d220]: Attempting to load gss functions 1886907584[10031d220]: entering nsAuthGSSAPI::Init() 1886907584[10031d220]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] 1886907584[10031d220]: entering nsAuthGSSAPI::GetNextToken() 1886907584[10031d220]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information 1886907584[10031d220]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] 1886907584[10031d220]: using REQ_DELEGATE 1886907584[10031d220]: service = free-ipa.polidea.pl 1886907584[10031d220]: using negotiate-gss 1886907584[10031d220]: entering nsAuthGSSAPI::nsAuthGSSAPI() 1886907584[10031d220]: entering nsAuthGSSAPI::Init() 1886907584[10031d220]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate] 1886907584[10031d220]: entering nsAuthGSSAPI::GetNextToken() 1886907584[10031d220]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information 1886907584[10031d220]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005] best regards, Maciek Sawicki On Mon, Mar 19, 2012 at 5:58 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote: On Mon, Mar 19, 2012 at 5:38 PM, Dmitri Pal d...@redhat.com wrote: Have you done everything covered in the section 4.3.3 of the document? http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System Hi Dmitri, Thanks for quick answer. I did this, but still have the same problem :(. regards, Maciek Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 9:31 AM, Maciej Sawicki
maciej.sawi...@polidea.pl wrote:
Hi,
Today I setup free ipa on CentOS release 6.2. I configured my client
machine, that is:
1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has
following content:
[domain_realm]
polidea.pl = POLIDEA.PL
.polidea.pl = .POLIDEA.PL
[libdefaults]
default_realm = POLIDEA.PL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
POLIDEA.PL = {
admin_server = free-ipa.polidea.pl:749
default_domain = polidea.pl
kdc = free-ipa.polidea.pl:88
}
[logging]
kdc = FILE:/var/log/krb5kdc/kdc.log
admin_server = FILE:/var/log/krb5kdc/kadmin.log
I
I run open /System/Library/Coreservices/Ticket\ Viewer.app and added
ad...@polidea.pl identity (i get ticket so password is valid)
also i configured my firefox like in this link:
http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
Unfortunately when I try to login I get following error:
Your kerberos ticket is no longer valid. Please run kinit and then
click 'Retry'. If this is your first time running the IPA Web UI
follow these directions to configure your browser.
my /var/log/krb5kdc/kadmin.log has only few old entries (0 today's
entries from today).
I will appreciate any help.
I just edited /etc/krb5.conf on my mac and then kinit from command
line and you should see ticket in the Ticket Viewer app. From there,
you should be able to renew the ticket inside the app or from command
line. I did not touch the /Library/Preferences/edu.mit.Kerberos file
at all.
Steve
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 6:10 PM, Stephen Ingram sbing...@gmail.com wrote: I just edited /etc/krb5.conf on my mac and then kinit from command line and you should see ticket in the Ticket Viewer app. From there, you should be able to renew the ticket inside the app or from command line. I did not touch the /Library/Preferences/edu.mit.Kerberos file at all. Steve Thanks from answer. I manage to solve this issue (I'm not sure if it best way but it works). In link from Dmitri I saw that I have to copy /etc/krb5.conf file from free-ipa server so I copied it to /Library/Preferences/edu.mit.Kerberos It's a little different then in http://freeipa.com/page/ConfiguringMacintoshClients. best regards, Maciek Sawicki ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
