On 01/09/2017 02:56 PM, Андрей Ривкин wrote: > Hello everyone! > > I'm new to FreeIpa, so if my question is very simple just point me to the > documentation. > > I've installed FreeIpa on host demo3.xxx.com <http://demo3.xxx.com>. > Then registred some other host demo5.xxx.com <http://demo5.xxx.com>. I've > used > ipa add host command. > Then installed ipa-client and ipa-admin-tools demo5. > Checked that they worked and were able to execute commands like kinit and ipa > host-find. > > On the host demo3 I've restarted service ipa (service ipa restart). > Now I'm able to execute ipa host-find on demo3, but not able to execute this > command on demo3. > I've done kinit by 'someadmin'. > All ipa commands not working: > > > [root@demo5 ~]# ipa -v -d > ipa: DEBUG: Starting external process > ipa: DEBUG: args=keyctl search @s user ipa_session_cookie:somead...@xxx.com > <mailto:ipa_session_cookie%3asomead...@xxx.com> > ipa: DEBUG: Process finished, return code=1 > ipa: DEBUG: stdout= > ipa: DEBUG: stderr=keyctl_search: Required key not available > > ipa: DEBUG: failed to find session_cookie in persistent storage for principal > 'somead...@xxx.com <mailto:somead...@xxx.com>' > ipa: INFO: trying https://demo3.xxx.com/ipa/json > ipa: DEBUG: Created connection context.rpcclient_41215888 > ipa: INFO: Forwarding 'schema' to json server 'https://demo3.xxx.com/ipa/json' > ipa: DEBUG: Destroyed connection context.rpcclient_41215888 > ipa: ERROR: Service 'h...@demo3.xxx.com <mailto:h...@demo3.xxx.com>' not > found > in Kerberos database > > > It looks like my client is not connected to my server. > Any ideas how to debug this situation? > > P.S. Hosts - Centos 7. DNS on demo3. > > Regards, > Andrey >
Does following sequence work the same way on both demo3 and demo5? $ kdestroy -A $ kinit someadmin $ kvno HTTP/demo3.xxx.com Does `ipactl status` show that all services are running fine? -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project