Looks like it was finding kinit as part of java I used the full path below but my personal ipa id generates an error but the admin id works ok
[root@test-nfs-prod-1 ~]# rpm --info -qf $(which kinit) file /opt/ibm/ibm-java-x86_64-8.0-1.10/jre/bin/kinit is not owned by any package [root@test-nfs-prod-1 ~]# find / -name kinit /usr/bin/kinit /usr/lib/jvm/java-1.8.0-ibm-1.8.0.4.10-1jpp.3.el7.x86_64/jre/bin/kinit /opt/ibm/ibm-java-x86_64-8.0-1.10/jre/bin/kinit [root@test-nfs-prod-1 ~]# rpm --info -qf /usr/bin/kinit Name : krb5-workstation Version : 1.15.1 Release : 8.el7 Architecture: x86_64 Install Date: Fri 27 Oct 2017 07:55:03 PM UTC Group : System Environment/Base Size : 2606453 License : MIT Signature : RSA/SHA256, Wed 03 May 2017 09:39:47 AM UTC, Key ID 199e2f91fd431d51 Source RPM : krb5-1.15.1-8.el7.src.rpm Build Date : Fri 28 Apr 2017 08:01:32 PM UTC Build Host : x86-034.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://web.mit.edu/kerberos/www/ Summary : Kerberos 5 programs for use on workstations Description : Kerberos is a network authentication system. The krb5-workstation package contains the basic Kerberos programs (kinit, klist, kdestroy, kpasswd). If your network uses Kerberos, this package should be installed on every workstation. [gola-us@test-nfs-prod-1 ~]$ /usr/bin/kinit gola-us kinit: Client's entry in database has expired while getting initial credentials kinit with the admin id works ok [root@test-nfs-prod-1 ~]# /usr/bin/kinit admin Password for admin@test.LOCAL: [root@test-nfs-prod-1 ~]# ipa user-find ---------------- 70 users matched ---------------- User login: admin Last name: Administrator Home directory: /home/admin etc.. Thanks, Carl Gola From: Robbie Harwood via FreeIPA-users <freeipa-users@lists.fedorahosted.org> To: Carl Gola <g...@us.ibm.com>, FreeIPA users list <freeipa-users@lists.fedorahosted.org> Cc: Robbie Harwood <rharw...@redhat.com> Date: 11/15/2017 09:47 AM Subject: [Freeipa-users] Re: ERROR: did not receive Kerberos credentials "Carl Gola" <g...@us.ibm.com> writes: > I'm not sure what's printing Done! either > > Here is a fresh kinit and klist afterwards > > [gola-us@test-nfs-prod-1 ~]$ kinit gola-us > Password for gola-us@test.LOCAL: > > Done! > New ticket is stored in cache file /home/rusers/gola-us/krb5cc_gola-us > [gola-us@test-nfs-prod-1 ~]$ klist > > Credentials cache: /home/rusers/gola-us/krb5cc_gola-us > Default principal: gola-us@test.LOCAL > Number of entries: 1 > > [1] Service principal: krbtgt/test.LOCAL@test.LOCAL > Valid starting: Wednesday, November 15, 2017 at 4:03:26 PM > Expires: Thursday, November 16, 2017 at 4:03:26 PM Hmm, this doesn't look like MIT krb5; what is it? ( `rpm --info -qf $(which kinit)` or `apt show $(dpkg -S $(which kinit) | awk -F: '{print $1}')` depending on what OS you're on.) Does Kerberos issue a service ticket as part of the user-find command, or does it not get that far? (klist, and server logs will tell this.) Thanks, --Robbie (See attached file: signature.asc) _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
signature.asc
Description: Binary data
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
