On Wed, 2012-02-15 at 20:49 +0100, Sigbjorn Lie wrote: > Hi, > > I see that the documentation for configuring kerberos on Solaris has > changed since the last time I looked. > > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10 > > kclient fails if I pre-create the account in IPA, and attempt to kclient > configure the client. If I don't, it successfully retreives a keytab for > the host, but I'm unable to add the host as a host in IPA as the > kerberos principal is already used. > > I suppose there is a LDAP ACL preventing me from doing this? > > Can I work around this somehow, having the host account in IPA and using > kclient to configure Solaris hosts at the same time?
Sigbjorn, running kadmind in FreeIPA < 2.2 is completely unsupported and there are ACLs that explicitly prevent it from changing data in LDAP. I will investigate about those instructions and correct them as necessary, they appear incorrect. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users