Ipa Commands Fail with ipa: ERROR: No valid Negotiate header in server response
Issue
Normal use of any ipa command leads to "ipa: ERROR: No valid Negotiate header in server response"
# kdestroy -A
# kinit admin
Password for admin@IDM4.TEST.LABS:
# klist -ef
Ticket cache: KCM:0
Default principal: admin@IDM4.TEST.LABS
Valid starting Expires Service principal
07/05/2025 16:07:35 07/06/2025 15:40:53 krbtgt/IDM4.TEST.LABS@IDM4.TEST.LABS
Flags: FIA, Etype (skey, tkt): aes256-cts-hmac-sha384-192, aes256-cts-hmac-sha384-192
ipa config-show
ipa: ERROR: No valid Negotiate header in server response
With debug enabled by setting "debug=True" into the [global] section of /etc/ipa/default.conf
[root@r810-1 ~]# vi /etc/ipa/default.conf
[global]
host = r810-1.idm4.test.labs
basedn = dc=idm4,dc=test,dc=labs
realm = IDM4.TEST.LABS
domain = idm4.test.labs
xmlrpc_uri = https://r810-1.idm4.test.labs/ipa/xml
ldap_uri = ldapi://%2fvar%2frun%2fslapd-IDM4-TEST-LABS.socket
enable_ra = True
ra_plugin = dogtag
dogtag_version = 10
mode = production
debug=True
[root@r810-1 ~]# systemctl restart httpd
[root@r810-1 ~]# ipa config-show
<..snip..>
ipa: DEBUG: failed to find session_cookie in persistent storage for principal 'admin@IDM4.TEST.LABS'
ipa: DEBUG: trying https://r810-1.idm4.test.labs/ipa/json
ipa: DEBUG: New HTTP connection (r810-1.idm4.test.labs)
ipa: DEBUG: HTTP connection destroyed (r810-1.idm4.test.labs)
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 724, in single_request
if not self._auth_complete(response):
File "/usr/lib/python3.6/site-packages/ipalib/rpc.py", line 674, in _auth_complete
message=u"No valid Negotiate header in server response")
ipalib.errors.KerberosError: No valid Negotiate header in server response
ipa: ERROR: No valid Negotiate header in server response
Environment
Red Hat Enterprise Linux 8, 9, 10
Red Hat Identity Management
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
