I'm afraid I don't know how to construct the right ipa-getkeytab command to
test. Do I run ipa-getkeytab on the client or on the ipa server? For the
[email protected] principal?
I thought about STARTTLS pointing to a certificate issue. The certs on the ipa
server are not expired:
getcert list | grep expires
expires: 2022-06-18 21:28:39 UTC
expires: 2022-05-24 03:14:46 UTC
expires: 2022-05-24 03:15:16 UTC
expires: 2022-05-24 03:14:56 UTC
expires: 2038-07-11 18:11:01 UTC
expires: 2022-05-24 03:14:38 UTC
expires: 2022-08-01 03:40:17 UTC
expires: 2022-06-15 03:14:35 UTC
expires: 2022-06-15 03:14:50 UTC
Could it be an issue with an expired certificate on the AD end?
Thank you!
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
