Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

A.2. UI Connection Problems

If negotiate authentication is not working, turn on verbose logging for the authentication process to help diagnose the issue:
  1. Close all browser windows.
  2. In a terminal, set the new log levels for Firefox:
    export NSPR_LOG_MODULES=negotiateauth:5
    export NSPR_LOG_FILE=/tmp/moz.log
    
    This enables verbose logging and logs all information to /tmp/moz.log.
  3. Restart the browser from the same terminal window.
Some of the common error messages and workarounds are in Table A.1, “UI Error Log Messages”.

Table A.1. UI Error Log Messages

Error Log Message Description and Fix
-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken()
-1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure
No credentials cache found
There are no Kerberos tickets. Run kinit.
-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken()
-1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure
Server not found in Kerberos database
This can occur when you have successfully obtained Kerberos tickets but are still unable to authenticate to the UI. This indicates that there is a problem with the Kerberos configuration. The first place to check is the [domain_realm] section in the /etc/krb5.conf file. Make sure that the IdM Kerberos domain entry is correct and matches the configuration in the Firefox negotiation parameters. For example:
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
Nothing is in the log file. It is possible that you are behind a proxy which is removing the HTTP headers required for negotiate authentication. Try to connect to the server using HTTPS instead, which allows the request to pass through unmodified. Then check the log file again.