"freeipa-users-requ...@redhat.com" <freeipa-users-requ...@redhat.com> skrev:


Send Freeipa-users mailing list submissions to
        freeipa-users@redhat.com

To subscribe or unsubscribe via the World Wide Web, visit
        https://www.redhat.com/mailman/listinfo/freeipa-users
or, via email, send a message with subject or body 'help' to
        freeipa-users-requ...@redhat.com

You can reach the person managing the list at
        freeipa-users-ow...@redhat.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeipa-users digest..."


Today's Topics:

   1. Help regarding Basic FreeIPA setup (Chandan Kumar)
   2. Problem Active Directory Synchronisation:
      ipawinsyncuserflatten false (Adrien Rami)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 May 2012 07:35:39 -0700
From: Chandan Kumar <chandank.ku...@gmail.com>
To: Steven Jones <steven.jo...@vuw.ac.nz>
Cc: "freeipa-users@redhat.com" <freeipa-users@redhat.com>
Subject: [Freeipa-users] Help regarding Basic FreeIPA setup
Message-ID:
        <CAD=ckma+x48sjqqabo7slr++0fqs9wscohow5h+xeaqrzjs...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,
I am running the default Firefox that comes with centos 6.2 . I guess that
 Whatever time I do kinit it just does not working for me even for single
time.

Also it shows as that I am logged in as u...@freeipa.org.... In the main
back ground web page. Not sure whether it's relevant with this error.

On Monday, 14 May 2012, Steven Jones wrote:

>  Hi,
>
>
>
> I have run it on Macosx and RHEL6.2, firefox and chrome, safari wont
> connect but thats a safari issue Im sure.
>
>
>
> After running "kinit admin" I find the kerberos ticket expires about 24
> hours later so you have to renew?  What you can do if it simply wont
> work is get IPA to fall back to asking for a password, which is what I have
> had to set for Windows 7 firefox users.
>
>
>
> It might depend on which version of firefox, 3 and 10 do work......I think
> RH say firefox 10 is the long term supported version for them so I'd run
> that at least.
>
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>   ------------------------------
> *From:* freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com]
> on behalf of Chandan Kumar [chandank.ku...@gmail.com]
> *Sent:* Tuesday, 15 May 2012 9:25 a.m.
> *To:* d...@redhat.com
> *Cc:* freeipa-users@redhat.com
> *Subject:* Re: [Freeipa-users] Help regarding Basic FreeIPA setup
>
>
> System: Centos 6.2
> IPA version : ipa-server-2.1.3-9.el6.x86_64
>
>
> Thanks
> Chandan
>
>
>
>
>
> On Mon, May 14, 2012 at 2:21 PM, Dmitri Pal <d...@redhat.com> wrote:
>
>> **
>>  On 05/14/2012 05:09 PM, Chandan Kumar wrote:
>>
>> I am a newbie in IPA and was experimenting it on my couple of VMs before
>> considering it for production level.
>>
>> Installation went fine, however, I am getting the kerberos key expiration
>> error at firefox. I am running firefox on the same machine where I have
>> installed/configured ipa-server. On googling and some help in IRC I checked
>> documentation to trouble shoot it as this appear to be a known problem.
>>
>> Moreover, I did follow
>>
>> http://freeipa.org/page/InstallAndDeploy
>> http://freeipa.org/page/TroubleshootingGuide
>>
>> Fire fox logs
>>
>> 1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
>> [rv=80004005]
>> -1977841888[7fc789f5b040]:   using REQ_DELEGATE
>> -1977841888[7fc789f5b040]:   service = ipaserver.example.com
>> -1977841888[7fc789f5b040]:   using negotiate-gss
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::nsAuthGSSAPI()
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::Init()
>> -1977841888[7fc789f5b040]: nsHttpNegotiateAuth::GenerateCredentials()
>> [challenge=Negotiate]
>> -1977841888[7fc789f5b040]: entering nsAuthGSSAPI::GetNextToken()
>> -1977841888[7fc789f5b040]: gss_init_sec_context() failed: Unspecified GSS
>> failure.  Minor code may provide more information
>> SPNEGO cannot find mechanisms to negotiate
>> -1977841888[7fc789f5b040]:   leaving nsAuthGSSAPI::GetNextToken
>> [rv=80004005]
>>
>> [root@ds var]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: ad...@example.com
>>
>> Valid starting     Expires            Service principal
>> 05/14/12 13:50:32  05/15/12 13:50:30  krbtgt/example....@example.com
>> 05/14/12 13:53:58  05/15/12 13:50:30  HTTP/
>> ipaserver.example....@example.com
>> 05/14/12 13:54:13  05/15/12 13:50:30  ldap/
>> ipaserver.example....@example.com
>> [root@ds var]#
>>
>> Output of ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin
>>
>> at http://fpaste.org/9hXX/
>>
>> I am not sure what I am missing though. Appreciate any help.
>>
>> Thanks
>> Chandan
>>
>>
>>
>>
>>  Are you running FF on windows?
>> Which version of IPA are you using?
>>
>>
>>
>> _______________________________________________
>> Freeipa-users mailing 
>> listFreeipa-users@redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IPA project,
>> Red Hat Inc.
>>
>>
>> -------------------------------
>> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>>
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>

--
Sent from my iPad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://www.redhat.com/archives/freeipa-users/attachments/20120515/c047ec25/attachment.html>

------------------------------

Message: 2
Date: Tue, 15 May 2012 17:46:15 +0200
From: Adrien Rami <adr...@uniwan.be>
To: freeipa-users@redhat.com <freeipa-users@redhat.com>
Subject: [Freeipa-users] Problem Active Directory Synchronisation:
        ipawinsyncuserflatten false
Message-ID: <zarafa.4fb27a47.71fc.30a19f530885e94e@za1.uniwan.local>
Content-Type: text/plain; charset="utf-8"

Hi all,

I introduce myself. I am Adrien Rami and I am Open Source developper.

I work on a project with FreeIPA and I try to sync an Active Directory with 
FreeIPA, with the special case that I want to sync the Organisation Unit.

I set the ipawinsyncuserflatten on false but unfortunately it didn't work.

Is there a way to do this? If yes does someone do that and have some 
information for me?

Best regards

Adrien Rami



-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<https://www.redhat.com/archives/freeipa-users/attachments/20120515/278a9f84/attachment.html>

------------------------------

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

End of Freeipa-users Digest, Vol 46, Issue 57
*********************************************

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to