IPA web ui: ERROR: No valid Negotiate header in server response

Once when I tried to log in to my web interface of FreeIPA server, a message appeared: ERROR: No valid Negotiate header in server response.

1. the log file gave:

GSS ERROR gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS failure.  Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)], referer: ...

2. after a long search, I found the file:

/etc/gssproxy/10-ipa.conf

it seems that the problem was with:

/var/lib/ipa/gssproxy/http.keytab

3. if other infrastructure is working – the problem can be resolved by this:

ipa-getkeytab -p HTTP/ipa.local.test@LOCAL.TEST -k /var/lib/ipa/gssproxy/http.keytab

 

Leave a Reply

Your email address will not be published. Required fields are marked *