This is still happening with rhel 7.4 foreman 1.15.6 and katello 3.4 On Tuesday, August 29, 2017 at 11:44:40 PM UTC+9, [email protected] wrote: > > Repling with the trigger/fix to this issue, I am not sure what causes the > scenario tough. In /etc/foreman-proxy are two files: realm.yaml and > realm_freeipa.yaml. Foreman-installer appears to to ready and modify > realm.yaml, while foreman-proxy is reading realm_freeipa.yaml. By > correcting the realm_freeipa.yaml from [email protected] <javascript:> > to [email protected] to resolve the issue with Kerberos > credentials. There is probably still a bug somewhere in the installer that > needs to be found triggering this. > > On Tuesday, August 29, 2017 at 1:10:12 AM UTC-5, [email protected] wrote: >> >> This is a clean install on CENTOS 7.3 with 1.15.3 and 3.4. As you can >> see from the debug when I attempt to create/provision a host Foreman tries >> to use [email protected] <javascript:> rather than the principle >> setting of [email protected]: >> >> D, [2017-08-28T17:37:36.017066 ] DEBUG -- : freeipa: realm IDM.NWC.NWS >> D, [2017-08-28T17:37:36.017346 ] DEBUG -- : freeipa: uri is >> https://nwcal-idm01.idm.nwc.nws/ipa/xml >> D, [2017-08-28T17:37:36.017543 ] DEBUG -- : Making IPA call: >> ["host_show", ["nwcal-kvm1.nwc.nws"]] >> D, [2017-08-28T17:37:36.022298 ] DEBUG -- : Requesting credentials for >> Kerberos principal [email protected] <javascript:> using keytab >> /etc/foreman-proxy/freeipa.keytab >> E, [2017-08-28T17:37:36.023160 ] ERROR -- : Failed to initialise >> credential cache from keytab: krb5_get_init_creds_keytab: Key table entry >> not found >> E, [2017-08-28T17:37:36.023990 ] ERROR -- : Failed to initailize >> credentials cache from keytab: krb5_get_init_creds_keytab: Key table entry >> not found >> >> >> foreman-installer --help | grep realm >> --foreman-proxy-freeipa-remove-dns Remove DNS entries from FreeIPA >> when deleting hosts from realm (current: true) >> --foreman-proxy-realm Enable realm management feature >> (current: true) >> --foreman-proxy-realm-keytab Kerberos keytab path to authenticate >> realm updates (current: "/etc/foreman-proxy/freeipa.keytab") >> --foreman-proxy-realm-listen-on Realm proxy to listen on https, >> http, or both (current: "https") >> --foreman-proxy-realm-principal Kerberos principal for realm updates >> (current: "[email protected]") >> --foreman-proxy-realm-provider Realm management provider (current: >> "freeipa") >> --foreman-proxy-realm-split-config-files Split realm configuration >> files. This is needed since version 1.15. (current: false) >> >> I am guessing there is either a setting being missed in the >> configuration at install, or this setting is hanging on the install. Other >> than in the settings file, where is this set, or defaulted to? >> >
-- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.
