The server domain is checked to see whether it is in the main IPA domain. If it is not, an additional realm_domain mapping is added to /etc/krb5.conf.
However, because the domain is checked with just a string comparison, when the server has an FQDN like ipa-idm.example.com and the main domain and realm is idm.example.com, the installer does not detect this mismatch and does not configure the realm_domain mapping, and httpd does not start due to an obscure error:
gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more
information (, ), referer: https://ipa-idm.example.com/ipa/xml
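Added example, not part of the ticket or of the FreeIPA patch: it contrasts a plain suffix comparison with a DNS label-aware check on the hostnames from the description. The function names are hypothetical, the suffix match is an assumed form of the "string comparison" the ticket mentions, and the host-specific `[domain_realm]` entry is this example's choice, not necessarily what the installer writes.

```python
def naive_in_domain(fqdn, domain):
    """Assumed form of the flawed check: plain string suffix match."""
    return fqdn.lower().endswith(domain.lower())


def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def in_domain(fqdn, domain):
    """True only if fqdn is a host strictly below domain, compared label by label."""
    host, dom = labels(fqdn), labels(domain)
    return len(host) > len(dom) and host[-len(dom):] == dom


def domain_realm_lines(fqdn, domain, realm):
    """Return [domain_realm] entries needed for this host (empty if none).

    A host outside the IPA domain needs an explicit mapping so Kerberos
    resolves its service principals to the IPA realm.
    """
    if "." not in fqdn.rstrip("."):
        raise ValueError("not a fully qualified name: %r" % fqdn)
    if in_domain(fqdn, domain):
        return []
    # Host-specific entry (example's choice); narrower than mapping a whole domain.
    return ["%s = %s" % (fqdn.lower().rstrip("."), realm)]


if __name__ == "__main__":
    # Constructed inputs taken from the hostnames in the ticket description.
    domain, realm = "idm.example.com", "IDM.EXAMPLE.COM"
    for fqdn in ("ipa-idm.example.com", "ipa.idm.example.com"):
        print(fqdn,
              "naive:", naive_in_domain(fqdn, domain),
              "label-aware:", in_domain(fqdn, domain),
              "mapping:", domain_realm_lines(fqdn, domain, realm))
```
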
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1026845
I saw where the problem is during investigation, and I have a patch.
Patch ''freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch'' sent for review
Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)