On Wed, 2018-09-05 at 16:19 -0400, Ranbir via FreeIPA-users wrote: > Hello, > > I have a Fedora 26 desktop joined to a freeipa domain running two ipa > 4.5.4-10 servers on CentOS 7.5.1804. I have an odd "problem" I hope > someone here can help me fix. > > I can ssh from my desktop to any server in the domain using my password > (i.e. interactive) or GSSAPI. Once on a server, I can ssh to some hosts > in the domain using GSSAPI delegation, but not to others. > > When GSSAPI delegation doesn't work, I see this error: > > debug1: Unspecified GSS failure. Minor code may provide more information > Server host/[email protected] not found in Kerberos database
Is this the actual error? no editing ? > I think I solved this once before, but it was a very, very long time > ago and I don't have any notes to refer to. > > What am I messing up? if ipa01 is really unqualified as you show up here that probably means that you are either ssh-ing using the short name instead of the fully qualified name, or you have reverse resolution enabled and a line in your hosts file with "IP shortname longname", and the shortname is resolved as the name of the server. HTH, Simo. -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
