https://bugzilla.redhat.com/show_bug.cgi?id=875261 (Red Hat Enterprise Linux 6)
Provide a nice error message when user from AD tries to access web UI.
============================

Description of problem:
Attempts to log into IPA WebUI with an AD Trusted user fail.

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-106.20121026T1837zgitf14dd98.el6.x86_64
sssd-1.9.90-0.el6.x86_64
httpd-2.2.15-22.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Set up IPA Master
2. Set up AD Trust and create user on AD side
3. Attempt to log into WebUI with AD user adtestuser@addomain.com

Actual results:
fails:

And I see this in /var/log/httpd/error_log:

[Thu Nov 01 10:42:18 2012] [error] ipa: INFO: *** PROCESS START ***
[Thu Nov 01 10:46:35 2012] [error] ipa: INFO: 401 Unauthorized: kinit: Client 'adtestuser1@TESTRELM.COM' not found in Kerberos database while getting initial credentials
[Thu Nov 01 10:46:35 2012] [error]
[Thu Nov 01 10:47:02 2012] [error] [client 192.168.122.23] gss_accept_sec_context() failed: No credentials were supplied, or the credentials were unavailable or inaccessible (, Unknown error), referer: https://rhel6-1.testrelm.com/ipa/ui/index.html
[Thu Nov 01 10:47:46 2012] [error] ipa: INFO: 401 Unauthorized: kinit: Malformed representation of principal when parsing name adtestuser1@adtestdom.com@TESTRELM.COM
[Thu Nov 01 10:47:46 2012] [error]
[Thu Nov 01 10:49:45 2012] [error] ipa: INFO: 401 Unauthorized: kinit: Client 'ADTESTDOMadtestuser1@TESTRELM.COM' not found in Kerberos database while getting initial credentials

Expected results:
can log in like with normal IPA user.
master: 0292ebd
ipa-3-0: 6aa9c52
Web UI changes:
- master: 8d892f442f27026ac7195f6d9720b6da046ff477 Better error message for login of users from other realms
- ipa-3-0: 30137fe5167c9548ed58addece4bb394807508ec Better error message for login of users from other realms
Metadata Update from @dpal:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.0.2