Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)
I'm testing with firefox now and have set the network.negotiate-auth.trusted-uris but the FreeIPA web interface says my kerberos ticket is no longer valid even though the MIT KFW has a current, valid, ticket. I only see that as a configuration setting for Firefox for this funtionality. Anything else I'm missing? On Fri, Sep 23, 2011 at 3:31 PM, Rob Crittenden rcrit...@redhat.com wrote: Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, and when I browse to the web page I still get another log in box but no matter what I do not get access, or the browser cannot access the ticket the system has. I enabled the Enable Integrated Windows Authentication option in IE. After that wasn't working I even installed the MIT KFW to make sure I was really getting a ticket(not really expecting that it would fix the problem.) I am searching for this fix actively, but figured I'd ask here in case someone had the answer at hand. Firefox in Windows will work with the MIT client but not IE. For IE to work you need to enable fake basic auth fallback, http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the only workaround we know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)
Correction, the error I'm getting is IPA Error 1101 - did not receive Kerberos credentials and I do not see anything in the server logs. On Mon, Sep 26, 2011 at 1:51 PM, Jimmy g17ji...@gmail.com wrote: I'm testing with firefox now and have set the network.negotiate-auth.trusted-uris but the FreeIPA web interface says my kerberos ticket is no longer valid even though the MIT KFW has a current, valid, ticket. I only see that as a configuration setting for Firefox for this funtionality. Anything else I'm missing? On Fri, Sep 23, 2011 at 3:31 PM, Rob Crittenden rcrit...@redhat.comwrote: Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, and when I browse to the web page I still get another log in box but no matter what I do not get access, or the browser cannot access the ticket the system has. I enabled the Enable Integrated Windows Authentication option in IE. After that wasn't working I even installed the MIT KFW to make sure I was really getting a ticket(not really expecting that it would fix the problem.) I am searching for this fix actively, but figured I'd ask here in case someone had the answer at hand. Firefox in Windows will work with the MIT client but not IE. For IE to work you need to enable fake basic auth fallback, http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the only workaround we know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)
On Mon, 2011-09-26 at 14:07 -0400, Jimmy wrote: Correction, the error I'm getting is IPA Error 1101 - did not receive Kerberos credentials and I do not see anything in the server logs. You need to enable forwarding of credentials too. Simo. On Mon, Sep 26, 2011 at 1:51 PM, Jimmy g17ji...@gmail.com wrote: I'm testing with firefox now and have set the network.negotiate-auth.trusted-uris but the FreeIPA web interface says my kerberos ticket is no longer valid even though the MIT KFW has a current, valid, ticket. I only see that as a configuration setting for Firefox for this funtionality. Anything else I'm missing? On Fri, Sep 23, 2011 at 3:31 PM, Rob Crittenden rcrit...@redhat.com wrote: Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, and when I browse to the web page I still get another log in box but no matter what I do not get access, or the browser cannot access the ticket the system has. I enabled the Enable Integrated Windows Authentication option in IE. After that wasn't working I even installed the MIT KFW to make sure I was really getting a ticket(not really expecting that it would fix the problem.) I am searching for this fix actively, but figured I'd ask here in case someone had the answer at hand. Firefox in Windows will work with the MIT client but not IE. For IE to work you need to enable fake basic auth fallback, http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the only workaround we know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)
Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, and when I browse to the web page I still get another log in box but no matter what I do not get access, or the browser cannot access the ticket the system has. I enabled the Enable Integrated Windows Authentication option in IE. After that wasn't working I even installed the MIT KFW to make sure I was really getting a ticket(not really expecting that it would fix the problem.) I am searching for this fix actively, but figured I'd ask here in case someone had the answer at hand. Firefox in Windows will work with the MIT client but not IE. For IE to work you need to enable fake basic auth fallback, http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the only workaround we know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Using FreeIPA web interface from a windows client(IE)
On 09/23/2011 03:31 PM, Rob Crittenden wrote: Jimmy wrote: I have been using the interface from a Linux client on Firefox just fine, but now I need to configure a windows client to access the web interface. I have the win7 client logged in using a FreeIPA user, authenticated against the realm, and when I browse to the web page I still get another log in box but no matter what I do not get access, or the browser cannot access the ticket the system has. I enabled the Enable Integrated Windows Authentication option in IE. After that wasn't working I even installed the MIT KFW to make sure I was really getting a ticket(not really expecting that it would fix the problem.) I am searching for this fix actively, but figured I'd ask here in case someone had the answer at hand. Firefox in Windows will work with the MIT client but not IE. For IE to work you need to enable fake basic auth fallback, http://freeipa.org/page/UIPasswordAuth . This isn't really ideal but the only workaround we know of. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users Chrome will work as well, just not IE. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users