Thanks a lot. This is the case ! On Tue, Feb 18, 2020 at 4:20 PM Christian Heimes <[email protected]> wrote:
> On 18/02/2020 10.53, Djan D via FreeIPA-users wrote: > > HI > > Installed a fresh IPA server on CentOS 6 and all services are up and > > running. While trying to create database for the first-time, i am facing > > following error. > > > > * # /usr/sbin/kdb5_util create -r TESTLAB.ORG <http://TESTLAB.ORG> -s > > Loading random data > > Initializing database '/var/kerberos/krb5kdc/principal' for realm '* > > TESTLAB.ORG <http://TESTLAB.ORG> *', > > master key name 'K/M@* TESTLAB.ORG <http://TESTLAB.ORG> *' > > You will be prompted for the database Master Password. > > It is important that you NOT FORGET this password. > > Enter KDC database master key: > > Re-enter KDC database master key to verify: > > * > > *kdb5_util: Kerberos database constraints violated while adding entries > > to the database * > > > > Facing the same error while trying to create a principal: > > > > # kadmin.local -q "add_principal -randkey reader@ TESTLAB.ORG > > <http://TESTLAB.ORG> " > > Authenticating as principal admin/admin@ TESTLAB.ORG > > <http://TESTLAB.ORG> with password. > > WARNING: no policy specified for reader@ TESTLAB.ORG > > <http://TESTLAB.ORG> ; defaulting to no policy > > add_principal: Kerberos database constraints violated while creating > > "reader@ TESTLAB.ORG <http://TESTLAB.ORG> ". > > > > Can anyone point to me the exact reason for the error ? > IPA server creates and manages the KRB5 database for you. You must not > use any low-level Kerberos tools to interact with the database directly. > In order to create a user in IPA, you have to use the command line tools > or the web interface. > > $ kinit admin > $ ipa user-add reader > > Christian > -- > Christian Heimes > Principal Software Engineer, Identity Management and Platform Security > > Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn, > Commercial register: Amtsgericht Muenchen, HRB 153243, > Managing Directors: Charles Cachera, Laurie Krebs, Michael O'Neill, > Thomas Savage > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
