On 12/18/2012 06:24 AM, Johan Petersson wrote:
Hi,
Unfortunately i still get the same error from the Appliance even after having
added both host and nfs principals in the IPA web interface.
"failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error:
43787522 (Operation requires ``add'' privilege)"
I get the impression that the Appliance does not recognize existing principals
since i still get the same create principal error.
So it seems that it does not cope with pre existing principals, at least not
from IPA Server.
I will contact Oracle about this issue and see what they say.
Thank you for your help,
Johan.
We have these ZFS Storage Appliances at work too. There is a way to
access the root shell of the ZFS Storage Appliance. It's been a long
time since I've done it, but a quick googelig turned up this:
http://weblogs.java.net/blog/kohsuke/archive/2009/01/under_the_hood.html
Hopefully the "scp" commands still exists when you get access to the
shell of the Solaris OS, so you can copy the pre-created keytab into
/etc/krb5/krb5.keytab.
CAUTION! The /etc/krb5/krb5.keytab is by default shared between the CIFS
server and the NFS server. This file will already contain the keytab for
the CIFS/SMB service if you have already joined the ZFS Storage
Appliance to AD. In which case copy the pre-created keytab from IPA into
/etc/krb5/krb5.keytab-IPA, and use ktutil to merge the two files together.
I see I've kept the keytab from my AD in the beginning of the file and
added the keytab from IPA to the end of the file. I do recall there
being some significance to doing it this way.
I've written this howto for NexentaStor a while back. Perhaps this will
be of some assistance to complete the configuration of the ZFS Storage
Appliance too?
https://www.redhat.com/archives/freeipa-users/2011-July/msg00033.html
Please let me know how you get on.
Regards,
Siggi
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users