Flo,

Thanks for this. I rebuilt the server again. Did the ipa-replica-install with no DNS or CA install, so just replica. This installed fine. Then ran your tests:

[root@ipa011 ~]# kinit -V -kt /etc/krb5.keytab host/[email protected]
Using existing cache: 0
Using principal: host/[email protected]
Using keytab: /etc/krb5.keytab
Authenticated to Kerberos v5
[root@ipa011 ~]# kvno HTTP/[email protected]
HTTP/[email protected]: kvno = 1

They look good, but when I kinit as myself... :(

[root@ipa011 ~]# kinit -V nicholas.cross
Using new cache: 0:13315
Using principal: [email protected]
Password for [email protected]:
kinit: Generic error (see e-text) while getting initial credentials

From /var/log/krb5kdc.log on ipa011, the server I am trying to build:

May 23 10:38:01 ipa011.ad.companyx.fm krb5kdc[4303](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 10.32.225.7: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
May 23 10:38:01 ipa011.ad.companyx.fm krb5kdc[4303](info): closing down fd 11
May 23 10:38:03 ipa011.ad.companyx.fm krb5kdc[4303](info): AS_REQ : handle_authdata (2)
May 23 10:38:03 ipa011.ad.companyx.fm krb5kdc[4303](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 10.32.225.7: HANDLE_AUTHDATA: [email protected] for krbtgt/[email protected], No such file or directory
May 23 10:38:03 ipa011.ad.companyx.fm krb5kdc[4303](info): closing down fd 11
May 23 10:38:06 ipa011.ad.companyx.fm krb5kdc[4303](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 10.32.17.117: NEEDED_PREAUTH: host/[email protected] for krbtgt/[email protected], Additional pre-authentication required
May 23 10:38:06 ipa011.ad.companyx.fm krb5kdc[4303](info): closing down fd 11
May 23 10:38:06 ipa011.ad.companyx.fm krb5kdc[4303](info): preauth (spake) verify failure: Preauthentication failed
May 23 10:38:06 ipa011.ad.companyx.fm krb5kdc[4303](info): AS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes128-cts-hmac-sha1-96(17)}) 10.32.17.117: PREAUTH_FAILED: host/[email protected] for krbtgt/[email protected], Preauthentication failed
May 23 10:38:06 ipa011.ad.companyx.fm krb5kdc[4303](info): closing down fd 11

I hope this makes some sense? :)

_______________________________________________
FreeIPA-users mailing list -- [email protected]
