Lager, Nathan T. wrote:


----- Original Message -----
From: "Rob Crittenden" <rcrit...@redhat.com>
To: "Nathan Lager" <lag...@lafayette.edu>
Cc: freeipa-users@redhat.com
Sent: Tuesday, September 18, 2012 5:17:00 PM
Subject: Re: [Freeipa-users] sudden ipa errors.

Ok, what are the permissions on the keytab,
/etc/httpd/conf/ipa.keytab?
They should be apache:apache mode 0600.

[lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab
-rw-------. apache apache unconfined_u:object_r:httpd_config_t:s0 
/etc/httpd/conf/ipa.keytab


Are you in SELinux enforcing mode? Can you try in permissive to see if
that works?
I was enforcing at the start of all of this, but ive since switched to 
permissive for troubleshooting.  It hasnt made a difference.

Are you getting an HTTP service principal in the client?

$ kdestroy
$ kinit admin
$ ipa user-show admin
<fail>
$ klist -fea

Lets try to skip s4u2proxy. Does this work:

$ ipa --delegate user-show admin

Unfortunately the major and minor error codes are as generic as can be so they aren't any help at all.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to