Lager, Nathan T. wrote:
----- Original Message -----
From: "Rob Crittenden" <rcrit...@redhat.com>
To: "Nathan Lager" <lag...@lafayette.edu>
Sent: Tuesday, September 18, 2012 5:17:00 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Ok, what are the permissions on the keytab,
They should be apache:apache mode 0600.
[lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab
-rw-------. apache apache unconfined_u:object_r:httpd_config_t:s0
Are you in SELinux enforcing mode? Can you try in permissive to see if
I was enforcing at the start of all of this, but ive since switched to
permissive for troubleshooting. It hasnt made a difference.
Are you getting an HTTP service principal in the client?
$ kinit admin
$ ipa user-show admin
$ klist -fea
Lets try to skip s4u2proxy. Does this work:
$ ipa --delegate user-show admin
Unfortunately the major and minor error codes are as generic as can be
so they aren't any help at all.
Freeipa-users mailing list