I am attempting to setup apache behind a load balancer and have setup
the necessary host and DNS entry to represent a virtual host.  I also
have added the ACL to pull and also create the ticket.

I am however unable to run ipa-getkeytab with the -r flag.  If I
remove the flag, I get the ticket fine from both systems.  What could
I have overlooked.  I have gone through the exercise twice with the
same result.  Below is what I am currently seeing.

william@ansible ~]$ ssh root@lithium
Last login: Wed Mar  7 15:57:59 2018 from cacti.eng.example.com
^[[A[root@lithium ~]# ipa service-find temp30.eng.example.com
1 service matched
  Principal name: http/temp30.eng.example....@eng.example.com
  Principal alias: http/temp30.eng.example....@eng.example.com
  Keytab: True
  Hosts allowed to retrieve keytab: temp20.eng.example.com,
Number of entries returned 1
[root@lithium ~]#

[root@temp20 ~]# ipa-getkeytab -r -s lithium.eng.example.com -p
http/temp30.eng.example.com -k /etc/httpd/conf.d/httpd.keytab
Failed to parse result: Insufficient access rights

Failed to get keytab
[root@temp20 ~]# ipa-getkeytab  -s lithium.eng.example.com -p
http/temp30.eng.example.com -k /etc/httpd/conf.d/httpd.keytab
Keytab successfully retrieved and stored in: /etc/httpd/conf.d/httpd.keytab
[root@temp20 ~]#

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to