Once when I tried to log in to my web interface of FreeIPA server, a message appeared: ERROR: No valid Negotiate header in server response.
1. the log file gave:
GSS ERROR gss_acquire_cred[_from]() failed to get server creds: [Unspecified GSS failure. Minor code may provide more information ( SPNEGO cannot find mechanisms to negotiate)], referer: ...
2. after a long search, I found the file:
/etc/gssproxy/10-ipa.conf
it seems that the problem was with:
/var/lib/ipa/gssproxy/http.keytab
3. if other infrastructure is working – the problem can be resolved by this:
ipa-getkeytab -p HTTP/ipa.local.test@LOCAL.TEST -k /var/lib/ipa/gssproxy/http.keytab