Server domain is being checked if it is in a main IPA domain. When not, additional realm_domain mapping is added to /etc/krb5.conf.
/etc/krb5.conf
However, given that the domain is checked just with string comparison of the domain, when the server has fqdn like ipa-idm.example.com and main domain and realm is idm.example.com, the installer does not detect this mismatch, does not configure realm_domain mapping and httpd does not start due to obscure error:
ipa-idm.example.com
idm.example.com
gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (, ), referer: https://ipa-idm.example.com/ipa/xml
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1026845
I saw where the problem is during investigation, have a patch.
Patch ''freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch'' sent for review freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch
master: b4ee7da[[BR]] ipa-3-3: cce06d3
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)
Login to comment on this ticket.