On Wed, Mar 20, 2024 at 9:52 PM Florence Renaud <[email protected]> wrote:
>
>
>
> > On 20 Mar 2024, at 16:38, Ian Kumlien <[email protected]> wrote:
> >
> > On Wed, Mar 20, 2024 at 3:52 PM Ian Kumlien <[email protected]> wrote:
> >>
> >>> On Wed, Mar 20, 2024 at 11:21 AM Florence Blanc-Renaud <[email protected]>
> >>> wrote:
> >>>
> >>> Hi,
> >>>
> >>> On Wed, Mar 20, 2024 at 10:00 AM Ian Kumlien <[email protected]>
> >>> wrote:
> >>>>
> >>>> On Wed, Mar 20, 2024 at 9:45 AM Ian Kumlien <[email protected]>
> >>>> wrote:
> >>>>>
> >>>>> So... this one's new:
> >>>>>
> >>>>> Connection to https://freeipa-1.xerces.lan/ipa/json failed with
> >>>>> Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> >>>>> Unspecified GSS failure. Minor code may provide more information
> >>>>> (Credential cache is empty)
> >>>
> >>>
> >>> this one can happen if you have an existing ticket in your cache, for
> >>> instance from a previous installation, but that is not valid anymore.
> >>
> >> Ah, ok, i did do kdestroy -A but only on the new machine...
> >>
> >> A new issue that appeared, no user from the old machines can
> >> authenticate at all - still looking in to why it doesn't work
> >
> > Disabling MS-PAC fixed this issue, will have to dig in to why it was later
> > =)
> >
> > Any clues?
> Your users are probably missing a SID. Run ipa config-mod --enable-sid
> --add-sids and check with ipa user-show --all --raw that they contain an
> ipantsecurityidentifier attribute.

Uhm, nope, changed nothing it seems... leaving ms-pac disabled works however

> HTH,
> flo
> >
> >
> >>> flo
> >>>>
> >>>>> ---
> >>>>>
> >>>>> Just haven't seen it before... and it seems like the replica can't
> >>>>> install, unlike the two that worked before...
> >>>>
> >>>> And all of the sudden it just works again... weird...
> >>>>
> >
>
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
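
Added example, not part of the thread and not FreeIPA's own code: a shell filter for the check suggested in the quoted reply above, listing users whose `--all --raw` output carries no ipantsecurityidentifier attribute. The function names, the use of `ipa user-find` to dump all users at once, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Reads text shaped like `ipa user-find --all --raw` output on stdin
# (each entry starts at a "dn:" line, attributes are "name: value")
# and prints the uid of every entry without an ipantsecurityidentifier.
users_missing_sid() {
    awk '
        function emit() {
            if (uid != "" && !has_sid) print uid
            uid = ""; has_sid = 0
        }
        /^[ \t]*dn:/ { emit(); next }      # a new entry begins
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, kv, ":")
            name = tolower(kv[1])           # attribute names are case-insensitive
            if (name == "uid" && uid == "") {
                uid = line
                sub(/^[^:]*:[ \t]*/, "", uid)
            } else if (name == "ipantsecurityidentifier") {
                has_sid = 1
            }
        }
        END { emit() }
    '
}

# Constructed sample input (not taken from the thread).
sample_output() {
    cat <<'EOF'
---------------
2 users matched
---------------
  dn: uid=newuser,cn=users,cn=accounts,dc=example,dc=test
  uid: newuser
  ipaNTSecurityIdentifier: S-1-5-21-1111111111-2222222222-3333333333-1001
  uidNumber: 100001

  dn: uid=olduser,cn=users,cn=accounts,dc=example,dc=test
  uid: olduser
  uidNumber: 100002
----------------------------
Number of entries returned 2
----------------------------
EOF
}

# On an IPA host: ipa user-find --all --raw | users_missing_sid
sample_output | users_missing_sid    # prints: olduser
```

An empty result means every listed entry has the attribute; any uid printed is an account that would get no SID in its PAC.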
