freeipa

Clone
Source Code
GIT

#4012 Server does not detect different server and IPA domain
Closed: Fixed None Opened 10 years ago by mkosek.

Closed: Fixed
Reopen Issue

Server domain is being checked if it is in a main IPA domain. When not, additional realm_domain mapping is added to /etc/krb5.conf.

However, given that the domain is checked just with string comparison of the domain, when the server has fqdn like ipa-idm.example.com and main domain and realm is idm.example.com, the installer does not detect this mismatch, does not configure realm_domain mapping and httpd does not start due to obscure error:

gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more
information (, ), referer: https://ipa-idm.example.com/ipa/xml

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1026845

I saw where the problem is during investigation, have a patch.

Patch ''freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch'' sent for review
freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch

master: b4ee7da[[BR]]
ipa-3-3: cce06d3

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Installation
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1026845
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.