On 10/13/2017 10:21 AM, Rob Crittenden wrote:
So yeah, you've moving right along. I was in the middle of asking you
to check krb5.conf when this one came in :-)
So the reason the resubmit failed is certmonger tracks the location,
etc for certs to prevent duplicates (and racing at renewal time). You
can either drop a request using ipa-getcert stop-tracking -i <id>
I stopped tracking the old request and submitted a new one.
I'd check for SELinux issues on /etc/krb5.keytab. Perms should be 0600
SELinux is disabled on this box and permissions are correct.
Or maybe it's the keytab itself. You can tell via:
# kinit -kt /etc/krb5.keytab
You need a key for the value of `hostname`.
This is what I get when checking the keytab itself:
kinit -kt /etc/krb5.keytab
kinit: Generic preauthentication failure while getting initial credentials
When I ran this on one of the other AK boxes I get no output at all.
Granted, all but 2 of these AK boxes were setup using
ipa-client-install, so I don't know if that matters or not.
Network Engineer at NeoNova
919-460-3330 option 1
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org