It appears I have resolved my certificate expiration issue<https://lists.fedorahosted.org/archives/list/[email protected]/thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/> https://lists.fedorahosted.org/archives/list/[email protected]/thread/KFQXY6V4UKYOWCGD4YCZTCSGFWVL3QK7/
But I have a another issue grant@ef-idm01:~[20240229-10:11][#772]$ klist Ticket cache: KCM:555 Default principal: [email protected]<mailto:[email protected]> Valid starting Expires Service principal 02/29/2024 10:11:56 03/01/2024 09:42:34 krbtgt/[email protected]<mailto:krbtgt/[email protected]> grant@ef-idm01:~[20240229-10:12][#773]$ ipa user-find roland ipa: ERROR: No valid Negotiate header in server response grant@ef-idm01:~[20240229-10:12][#774]$ ipa server-find ipa: ERROR: No valid Negotiate header in server response grant@ef-idm01:~[20240229-10:18][#775]$ sudo systemctl status gssproxy.service [sudo] password for grant: ● gssproxy.service - GSSAPI Proxy Daemon Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2024-02-20 13:57:40 PST; 1 weeks 1 days ago Process: 2158008 ExecStart=/usr/sbin/gssproxy -D (code=exited, status=0/SUCCESS) Main PID: 2158009 (gssproxy) Tasks: 6 (limit: 74714) Memory: 10.5M CGroup: /system.slice/gssproxy.service └─2158009 /usr/sbin/gssproxy -D Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: gssproxy.service: Succeeded. Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: Stopped GSSAPI Proxy Daemon. Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: Starting GSSAPI Proxy Daemon... Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com> systemd[1]: Started GSSAPI Proxy Daemon. grant@ef-idm01:~[20240229-10:18][#776]$ I searched online for some references and it was suggested I generate the /var/lib/ipa/gssproxy/http.keytab The keytab file appears OKAY to me though. I would like to get this issue behind me thanx - grant
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
