[Freeipa-users] Firefox on OS X 10.6 problem
Hi,

Today I set up FreeIPA on CentOS release 6.2. I configured my client machine, that is:

1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has the following content:

    [domain_realm]
    polidea.pl = POLIDEA.PL
    .polidea.pl = .POLIDEA.PL

    [libdefaults]
    default_realm = POLIDEA.PL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes

    [realms]
    POLIDEA.PL = {
        admin_server = free-ipa.polidea.pl:749
        default_domain = polidea.pl
        kdc = free-ipa.polidea.pl:88
    }

    [logging]
    kdc = FILE:/var/log/krb5kdc/kdc.log
    admin_server = FILE:/var/log/krb5kdc/kadmin.log

I ran

    open /System/Library/Coreservices/Ticket\ Viewer.app

and added the ad...@polidea.pl identity (I get a ticket, so the password is valid). I also configured my Firefox as described in this link: http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser

Unfortunately, when I try to log in I get the following error:

    Your kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser.

My /var/log/krb5kdc/kadmin.log has only a few old entries (0 entries from today).

I will appreciate any help.

regards,
Maciek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On 03/19/2012 12:31 PM, Maciej Sawicki wrote:
> Hi,
>
> Today I set up FreeIPA on CentOS release 6.2. I configured my client machine, that is:
>
> 1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has the following content:
>
>     [domain_realm]
>     polidea.pl = POLIDEA.PL
>     .polidea.pl = .POLIDEA.PL
>
>     [libdefaults]
>     default_realm = POLIDEA.PL
>     dns_lookup_realm = true
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     forwardable = yes
>
>     [realms]
>     POLIDEA.PL = {
>         admin_server = free-ipa.polidea.pl:749
>         default_domain = polidea.pl
>         kdc = free-ipa.polidea.pl:88
>     }
>
>     [logging]
>     kdc = FILE:/var/log/krb5kdc/kdc.log
>     admin_server = FILE:/var/log/krb5kdc/kadmin.log
>
> I ran
>
>     open /System/Library/Coreservices/Ticket\ Viewer.app
>
> and added the ad...@polidea.pl identity (I get a ticket, so the password is valid). I also configured my Firefox as described in this link: http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
>
> Unfortunately, when I try to log in I get the following error:
>
>     Your kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser.
>
> My /var/log/krb5kdc/kadmin.log has only a few old entries (0 entries from today).
>
> I will appreciate any help.
>
> regards,
> Maciek

Have you done everything covered in section 4.3.3 of the document?
http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 5:38 PM, Dmitri Pal d...@redhat.com wrote:
> Have you done everything covered in section 4.3.3 of the document?
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System

Hi Dmitri,

Thanks for the quick answer. I did this, but still have the same problem :(.

regards,
Maciek Sawicki
Re: [Freeipa-users] Firefox on OS X 10.6 problem
Sorry for the double post, but I would like to provide the Firefox log:

    1886907584[10031d220]: using REQ_DELEGATE
    1886907584[10031d220]: service = free-ipa.polidea.pl
    1886907584[10031d220]: using negotiate-gss
    1886907584[10031d220]: entering nsAuthGSSAPI::nsAuthGSSAPI()
    1886907584[10031d220]: Attempting to load gss functions
    1886907584[10031d220]: entering nsAuthGSSAPI::Init()
    1886907584[10031d220]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
    1886907584[10031d220]: entering nsAuthGSSAPI::GetNextToken()
    1886907584[10031d220]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information
    1886907584[10031d220]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005]
    1886907584[10031d220]: using REQ_DELEGATE
    1886907584[10031d220]: service = free-ipa.polidea.pl
    1886907584[10031d220]: using negotiate-gss
    1886907584[10031d220]: entering nsAuthGSSAPI::nsAuthGSSAPI()
    1886907584[10031d220]: entering nsAuthGSSAPI::Init()
    1886907584[10031d220]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
    1886907584[10031d220]: entering nsAuthGSSAPI::GetNextToken()
    1886907584[10031d220]: gss_init_sec_context() failed: Unspecified GSS failure. Minor code may provide more information
    1886907584[10031d220]: leaving nsAuthGSSAPI::GetNextToken [rv=80004005]

best regards,
Maciek Sawicki

On Mon, Mar 19, 2012 at 5:58 PM, Maciej Sawicki maciej.sawi...@polidea.pl wrote:
> On Mon, Mar 19, 2012 at 5:38 PM, Dmitri Pal d...@redhat.com wrote:
>> Have you done everything covered in section 4.3.3 of the document?
>> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/using-the-ui.html#Using_a_Browser_on_Another_System
>
> Hi Dmitri,
>
> Thanks for the quick answer. I did this, but still have the same problem :(.
>
> regards,
> Maciek Sawicki
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 9:31 AM, Maciej Sawicki maciej.sawi...@polidea.pl wrote:
> Hi,
>
> Today I set up FreeIPA on CentOS release 6.2. I configured my client machine, that is:
>
> 1. I edited my /Library/Preferences/edu.mit.Kerberos file so it has the following content:
>
>     [domain_realm]
>     polidea.pl = POLIDEA.PL
>     .polidea.pl = .POLIDEA.PL
>
>     [libdefaults]
>     default_realm = POLIDEA.PL
>     dns_lookup_realm = true
>     dns_lookup_kdc = true
>     ticket_lifetime = 24h
>     forwardable = yes
>
>     [realms]
>     POLIDEA.PL = {
>         admin_server = free-ipa.polidea.pl:749
>         default_domain = polidea.pl
>         kdc = free-ipa.polidea.pl:88
>     }
>
>     [logging]
>     kdc = FILE:/var/log/krb5kdc/kdc.log
>     admin_server = FILE:/var/log/krb5kdc/kadmin.log
>
> I ran
>
>     open /System/Library/Coreservices/Ticket\ Viewer.app
>
> and added the ad...@polidea.pl identity (I get a ticket, so the password is valid). I also configured my Firefox as described in this link: http://freeipa.org/page/InstallAndDeploy#Configuring_your_Browser
>
> Unfortunately, when I try to log in I get the following error:
>
>     Your kerberos ticket is no longer valid. Please run kinit and then click 'Retry'. If this is your first time running the IPA Web UI follow these directions to configure your browser.
>
> My /var/log/krb5kdc/kadmin.log has only a few old entries (0 entries from today).
>
> I will appreciate any help.

I just edited /etc/krb5.conf on my Mac and then ran kinit from the command line, and you should see the ticket in the Ticket Viewer app. From there, you should be able to renew the ticket inside the app or from the command line. I did not touch the /Library/Preferences/edu.mit.Kerberos file at all.

Steve
Re: [Freeipa-users] Firefox on OS X 10.6 problem
On Mon, Mar 19, 2012 at 6:10 PM, Stephen Ingram sbing...@gmail.com wrote:
> I just edited /etc/krb5.conf on my Mac and then ran kinit from the command line, and you should see the ticket in the Ticket Viewer app. From there, you should be able to renew the ticket inside the app or from the command line. I did not touch the /Library/Preferences/edu.mit.Kerberos file at all.
>
> Steve

Thanks for the answer. I managed to solve this issue (I'm not sure if it's the best way, but it works). In the link from Dmitri I saw that I have to copy the /etc/krb5.conf file from the free-ipa server, so I copied it to /Library/Preferences/edu.mit.Kerberos

It's a little different than in http://freeipa.com/page/ConfiguringMacintoshClients.

best regards,
Maciek Sawicki
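
An added example, not part of the original thread: a small lint for a krb5.conf-style file that flags `[domain_realm]` entries whose target is not a realm named in `[realms]` or `default_realm`, run against a constructed copy of the client configuration from the first message. The function names are hypothetical, and the thread does not say which line of the hand-written file caused the GSS failure.

```python
import re

# Constructed sample: the client configuration quoted in the first message
# (the [logging] section and some [libdefaults] keys are left out).
SAMPLE = """\
[domain_realm]
polidea.pl = POLIDEA.PL
.polidea.pl = .POLIDEA.PL
[libdefaults]
default_realm = POLIDEA.PL
dns_lookup_realm = true
[realms]
POLIDEA.PL = {
  admin_server = free-ipa.polidea.pl:749
  kdc = free-ipa.polidea.pl:88
}
"""

def parse_krb5(text):
    """Return {section: {key: value}}; a 'REALM = { ... }' block becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            target = block if block is not None else section
            if value == "{":
                block = target[key] = {}     # open a nested block
            else:
                target[key] = value
    return conf

def lint_domain_realm(text):
    """List (domain, realm) mappings whose realm is not defined in this file."""
    conf = parse_krb5(text)
    known = set(conf.get("realms", {}))
    known.add(conf.get("libdefaults", {}).get("default_realm"))
    return [(domain, realm)
            for domain, realm in conf.get("domain_realm", {}).items()
            if realm not in known]

if __name__ == "__main__":
    for domain, realm in lint_domain_realm(SAMPLE):
        print(f"[domain_realm] {domain} -> {realm!r} is not a realm defined in this file")
```

With `dns_lookup_kdc = true` a realm can legitimately be absent from `[realms]`, so treat a hit as something to compare against the server's /etc/krb5.conf rather than as a definite error.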