[Freeipa-users] ipa: ERROR: No valid Negotiate header in server response

[Grant Janssen via FreeIPA-users]

It appears I have resolved my certificate expiration 
issue<https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/


But I have a another issue

grant@ef-idm01:~[20240229-10:11][#772]$ klist
Ticket cache: KCM:555
Default principal: gr...@production.efilm.com<mailto:gr...@production.efilm.com>

Valid starting       Expires              Service principal
02/29/2024 10:11:56  03/01/2024 09:42:34  
krbtgt/production.efilm....@production.efilm.com<mailto:krbtgt/production.efilm....@production.efilm.com>
grant@ef-idm01:~[20240229-10:12][#773]$ ipa user-find roland
ipa: ERROR: No valid Negotiate header in server response
grant@ef-idm01:~[20240229-10:12][#774]$ ipa server-find
ipa: ERROR: No valid Negotiate header in server response
grant@ef-idm01:~[20240229-10:18][#775]$ sudo systemctl status gssproxy.service
[sudo] password for grant:
● gssproxy.service - GSSAPI Proxy Daemon
   Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor 
preset: disabled)
   Active: active (running) since Tue 2024-02-20 13:57:40 PST; 1 weeks 1 days 
ago
  Process: 2158008 ExecStart=/usr/sbin/gssproxy -D (code=exited, 
status=0/SUCCESS)
 Main PID: 2158009 (gssproxy)
    Tasks: 6 (limit: 74714)
   Memory: 10.5M
   CGroup: /system.slice/gssproxy.service
           └─2158009 /usr/sbin/gssproxy -D

Feb 20 13:57:40 
ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: 
gssproxy.service: Succeeded.
Feb 20 13:57:40 
ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: 
Stopped GSSAPI Proxy Daemon.
Feb 20 13:57:40 
ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: 
Starting GSSAPI Proxy Daemon...
Feb 20 13:57:40 
ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: 
Started GSSAPI Proxy Daemon.
grant@ef-idm01:~[20240229-10:18][#776]$

I searched online for some references and it was suggested I generate the 
/var/lib/ipa/gssproxy/http.keytab
The keytab file appears OKAY to me though.

I would like to get this issue behind me
thanx

- grant


--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue