#4012 Server does not detect different server and IPA domain
Closed: Fixed None Opened 6 years ago by mkosek.

Server domain is being checked if it is in a main IPA domain. When not, additional realm_domain mapping is added to /etc/krb5.conf.

However, given that the domain is checked just with string comparison of the domain, when the server has fqdn like ipa-idm.example.com and main domain and realm is idm.example.com, the installer does not detect this mismatch, does not configure realm_domain mapping and httpd does not start due to obscure error:

gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more
information (, ), referer: https://ipa-idm.example.com/ipa/xml

I saw where the problem is during investigation, have a patch.

Patch ''freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch'' sent for review
freeipa-mkosek-440-server-does-not-detect-different-server-and-ipa-doma.patch

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)

3 years ago

Login to comment on this ticket.

Metadata