Lager, Nathan T. wrote:

----- Original Message -----
From: "Rob Crittenden" <>
To: "Nathan Lager" <>
Sent: Tuesday, September 18, 2012 5:17:00 PM
Subject: Re: [Freeipa-users] sudden ipa errors.

Ok, what are the permissions on the keytab,
They should be apache:apache mode 0600.

[lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab
-rw-------. apache apache unconfined_u:object_r:httpd_config_t:s0 

Are you in SELinux enforcing mode? Can you try in permissive to see if
that works?
I was enforcing at the start of all of this, but ive since switched to 
permissive for troubleshooting.  It hasnt made a difference.

Are you getting an HTTP service principal in the client?

$ kdestroy
$ kinit admin
$ ipa user-show admin
$ klist -fea

Lets try to skip s4u2proxy. Does this work:

$ ipa --delegate user-show admin

Unfortunately the major and minor error codes are as generic as can be so they aren't any help at all.


Freeipa-users mailing list

Reply via email to