On 12/18/2012 06:24 AM, Johan Petersson wrote:

Unfortunately i still get the same error from the Appliance even after having 
added both host and nfs principals in the IPA web interface.

"failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error:
  43787522 (Operation requires ``add'' privilege)"

I get the impression that the Appliance does not recognize existing principals 
since i still get the same create principal error.
So it seems that it does not cope with pre existing principals, at least not 
from IPA Server.
I will contact Oracle about this issue and see what they say.

Thank you for your help,

We have these ZFS Storage Appliances at work too. There is a way to access the root shell of the ZFS Storage Appliance. It's been a long time since I've done it, but a quick googelig turned up this:


Hopefully the "scp" commands still exists when you get access to the shell of the Solaris OS, so you can copy the pre-created keytab into /etc/krb5/krb5.keytab.

CAUTION! The /etc/krb5/krb5.keytab is by default shared between the CIFS server and the NFS server. This file will already contain the keytab for the CIFS/SMB service if you have already joined the ZFS Storage Appliance to AD. In which case copy the pre-created keytab from IPA into /etc/krb5/krb5.keytab-IPA, and use ktutil to merge the two files together.

I see I've kept the keytab from my AD in the beginning of the file and added the keytab from IPA to the end of the file. I do recall there being some significance to doing it this way.

I've written this howto for NexentaStor a while back. Perhaps this will be of some assistance to complete the configuration of the ZFS Storage Appliance too?


Please let me know how you get on.


Freeipa-users mailing list

Reply via email to