On Wed, 2012-02-15 at 20:49 +0100, Sigbjorn Lie wrote:
> Hi,
> 
> I see that the documentation for configuring kerberos on Solaris has 
> changed since the last time I looked.
> 
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10
> 
> kclient fails if I pre-create the account in IPA, and attempt to kclient 
> configure the client. If I don't, it successfully retreives a keytab for 
> the host, but I'm unable to add the host as a host in IPA as the 
> kerberos principal is already used.
> 
> I suppose there is a LDAP ACL preventing me from doing this?
> 
> Can I work around this somehow, having the host account in IPA and using 
> kclient to configure Solaris hosts at the same time?


Sigbjorn,
running kadmind in FreeIPA < 2.2 is completely unsupported and there are
ACLs that explicitly prevent it from changing data in LDAP.

I will investigate about those instructions and correct them as
necessary, they appear incorrect.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to