On Fri, 10 Nov 2017, Harald Dunkel via FreeIPA-users wrote:
> Hi folks,
>
> maybe I missed something, but shouldn't admin have sufficient
> privileges to run
>
> # ipa-client-install --hostname stretch1.vs.example.de --no-ssh --no-sshd --no-nisdomain --no-sudo --no-ntp --no-dns-sshfp
> # reboot
> :
> :
> # kinit admin
> # ipa-getkeytab -s ipa1.example.de -p HTTP/stretch1.vs.example.de -k /etc/apache2/apache2.keytab
>
> ?
>
> ipa-getkeytab failed with
>
>         Failed to parse result: PrincipalName not found.
>
> I would have expected it to create the principal on the fly.

ipa-getkeytab does not create a principal. It creates a key for an existing
principal.

> "admin" was created at freeipa install time on the first server,
> AFAIR. It is a member of the "admins" and "trust admins" groups.

admin is one of very few objects we pre-create. Everything else you have
to create yourself.

> I am concerned that I corrupted something. Every helpful comment
> is highly appreciated.

It is good that nothing unexpected is created in the database on its
own. ;)

--
/ Alexander Bokovoy