On 07/11/2012 04:01 PM, Qing Chang wrote:
> On 11/07/2012 3:23 PM, Simo Sorce wrote:
>> On Wed, 2012-07-11 at 15:21 -0400, Qing Chang wrote:
>>> Because the integration of Kerberos in IPA, Kerberos tools can be used
>>> only in limited
>>> situations, when creating afs/DOMAIN@REALM with kadmin, I got this
>>> error:
>>> add_principal: Kerberos database constraints violated while creating
>>> "afs/DOMAIN@REALM"
>> Use ipa service-add to add services, never use kadmin.local, it will not
>> work, we hard-coded failures in the DB driver to prevent users from
>> doing that as kadmin doesn't know where to put and how to properly fill
>> up objects.
>> However you can use kadmin.local on a pre-existing principal to obtain a
>> new keytab.
>> Simo.
> keytab with v4 salt was created successfully using kadmin,
> unfortunately OpenAFS
> still spit out th same error message:[root@smb1 ~]# fs setacl /afs
> system:anyuser rl
> fs: You don't have the required access rights on '/afs'
> When --force was used with ipa servcie-add to created
> still does not like the fact the is no host entry:
> [root@ipa2 tmp]# ipa service-add --force  afs/sri.utoronto.ca
> ipa: ERROR: The host 'sri.utoronto.ca' does not exist to add a service
> to.

Is there any problem of adding host entries into IPA?
ipa host-add will create a host entry. It is not mean that you have to
do something else with it.

> Thanks,
> Qing
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to