hello Since the keytab file is invalid, I manually generated a new IPA. keytab file, but now it seems that encryption-types does not match. What should I do with this?thank you
#ipa user-find devop ipa: DEBUG: importing all plugin modules in ipalib.plugins... ipa: DEBUG: importing plugin module ipalib.plugins.aci ipa: DEBUG: importing plugin module ipalib.plugins.automember ipa: DEBUG: importing plugin module ipalib.plugins.automount ipa: DEBUG: importing plugin module ipalib.plugins.baseldap ipa: DEBUG: importing plugin module ipalib.plugins.baseuser ipa: DEBUG: importing plugin module ipalib.plugins.batch ipa: DEBUG: importing plugin module ipalib.plugins.caacl ipa: DEBUG: importing plugin module ipalib.plugins.cert ipa: DEBUG: importing plugin module ipalib.plugins.certprofile ipa: DEBUG: importing plugin module ipalib.plugins.config ipa: DEBUG: importing plugin module ipalib.plugins.delegation ipa: DEBUG: importing plugin module ipalib.plugins.dns ipa: DEBUG: importing plugin module ipalib.plugins.domainlevel ipa: DEBUG: importing plugin module ipalib.plugins.group ipa: DEBUG: importing plugin module ipalib.plugins.hbacrule ipa: DEBUG: importing plugin module ipalib.plugins.hbacsvc ipa: DEBUG: importing plugin module ipalib.plugins.hbacsvcgroup ipa: DEBUG: importing plugin module ipalib.plugins.hbactest ipa: DEBUG: importing plugin module ipalib.plugins.host ipa: DEBUG: importing plugin module ipalib.plugins.hostgroup ipa: DEBUG: importing plugin module ipalib.plugins.idrange ipa: DEBUG: importing plugin module ipalib.plugins.idviews ipa: DEBUG: importing plugin module ipalib.plugins.internal ipa: DEBUG: importing plugin module ipalib.plugins.krbtpolicy ipa: DEBUG: importing plugin module ipalib.plugins.migration ipa: DEBUG: importing plugin module ipalib.plugins.misc ipa: DEBUG: importing plugin module ipalib.plugins.netgroup ipa: DEBUG: importing plugin module ipalib.plugins.otpconfig ipa: DEBUG: importing plugin module ipalib.plugins.otptoken ipa: DEBUG: importing plugin module ipalib.plugins.otptoken_yubikey ipa: DEBUG: importing plugin module ipalib.plugins.passwd ipa: DEBUG: importing plugin module ipalib.plugins.permission ipa: DEBUG: importing plugin module ipalib.plugins.ping ipa: DEBUG: importing plugin module ipalib.plugins.pkinit ipa: DEBUG: importing plugin module ipalib.plugins.privilege ipa: DEBUG: importing plugin module ipalib.plugins.pwpolicy ipa: DEBUG: Starting external process ipa: DEBUG: args=klist -V ipa: DEBUG: Process finished, return code=0 ipa: DEBUG: stdout=Kerberos 5 version 1.13.2 ipa: DEBUG: stderr= ipa: DEBUG: importing plugin module ipalib.plugins.radiusproxy ipa: DEBUG: importing plugin module ipalib.plugins.realmdomains ipa: DEBUG: importing plugin module ipalib.plugins.role ipa: DEBUG: importing plugin module ipalib.plugins.rpcclient ipa: DEBUG: importing plugin module ipalib.plugins.selfservice ipa: DEBUG: importing plugin module ipalib.plugins.selinuxusermap ipa: DEBUG: importing plugin module ipalib.plugins.server ipa: DEBUG: importing plugin module ipalib.plugins.service ipa: DEBUG: importing plugin module ipalib.plugins.servicedelegation ipa: DEBUG: importing plugin module ipalib.plugins.session ipa: DEBUG: importing plugin module ipalib.plugins.stageuser ipa: DEBUG: importing plugin module ipalib.plugins.sudocmd ipa: DEBUG: importing plugin module ipalib.plugins.sudocmdgroup ipa: DEBUG: importing plugin module ipalib.plugins.sudorule ipa: DEBUG: importing plugin module ipalib.plugins.topology ipa: DEBUG: importing plugin module ipalib.plugins.trust ipa: DEBUG: importing plugin module ipalib.plugins.user ipa: DEBUG: importing plugin module ipalib.plugins.vault ipa: DEBUG: importing plugin module ipalib.plugins.virtual ipa: DEBUG: failed to find session_cookie in persistent storage for principal '[email protected]' ipa: INFO: trying https://xx/ipa/json ipa: DEBUG: Created connection context.rpcclient_140659301866000 ipa: DEBUG: raw: user_find(u'devop', whoami=False, all=False, raw=False, version=u'2.164', no_members=False) ipa: DEBUG: user_find(u'devop', whoami=False, all=False, raw=False, version=u'2.164', no_members=False, pkey_only=False) ipa: INFO: Forwarding 'user_find' to json server 'https://xx/ipa/json' ipa: DEBUG: NSSConnection init xx ipa: DEBUG: Connecting: 10.21.117.149:0 ipa: DEBUG: approved_usage = SSL Server intended_usage = SSL Server ipa: DEBUG: cert valid True for "CN=xx,O=YYDEVOPS.COM" ipa: DEBUG: handshake complete, peer = 10.21.117.149:443 ipa: DEBUG: Protocol: TLS1.2 ipa: DEBUG: Cipher: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ipa: DEBUG: Destroyed connection context.rpcclient_140659301866000 ipa: ERROR: error marshalling data for XML-RPC transport: message: need a <type 'unicode'>; got 'No valid Negotiate header in server response' (a <type 'str'>) # klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 08/29/2022 20:40:14 08/30/2022 20:40:07 krbtgt/[email protected] Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 08/29/2022 20:40:31 08/30/2022 20:40:07 HTTP/[email protected] Etype (skey, tkt): des3-cbc-sha1, des3-cbc-sha1 # klist -kte /etc/apache2/ipa.keytab Keytab name: FILE:/etc/apache2/ipa.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 4 08/29/2022 19:30:22 HTTP/xx (arcfour-hmac) 5 08/29/2022 19:30:42 HTTP/xx (camellia128-cts-cmac) 6 08/29/2022 19:30:46 HTTP/xx (camellia256-cts-cmac) 7 08/29/2022 19:33:02 HTTP/xx (camellia128-cts-cmac) 8 08/29/2022 19:33:41 HTTP/xx (aes128-cts-hmac-sha1-96) 9 08/29/2022 19:33:47 HTTP/xx (aes256-cts-hmac-sha1-96) 10 08/29/2022 19:35:05 HTTP/xx (des3-cbc-sha1) _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
