On 10/13/2017 11:23 AM, Rob Crittenden wrote:

The kvno should match that of the keytab. If not you'll need to regenerate it.

Note that by default ipa-getkeytab generates new keys every time it is executed.


Addendum to my previous reply.  I /can/ 'kinit mark.haney' and supply my password on the problem box.  It doesn't work when I try to su - mark.haney (user mark.haney does not exist) or sudo -u mark.haney (sudo: unable to initialize policy plugin).  And as my user account has /never/ existed on this box either in LDAP or local, I know IPA auth is working for accounts, just not completely working.

Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to