I pursued that idea myself earlier but when getting the huge warranty void message when accessing a shell + that the file system was read-only i gave up. I will definitely look at it again and read the information you provided, thank you for your help. ________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Sigbjorn Lie [sigbj...@nixtra.com] Sent: Tuesday, December 18, 2012 21:48 To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Problem generating Oracle ZFS Storage Appliance host and nfs principals and keys to IPA/Free IPA.
On 12/18/2012 06:24 AM, Johan Petersson wrote: Hi, Unfortunately i still get the same error from the Appliance even after having added both host and nfs principals in the IPA web interface. "failed to create principal 'host/zfs1.home@HOME': libkadm5clnt error: 43787522 (Operation requires ``add'' privilege)" I get the impression that the Appliance does not recognize existing principals since i still get the same create principal error. So it seems that it does not cope with pre existing principals, at least not from IPA Server. I will contact Oracle about this issue and see what they say. Thank you for your help, Johan. We have these ZFS Storage Appliances at work too. There is a way to access the root shell of the ZFS Storage Appliance. It's been a long time since I've done it, but a quick googelig turned up this: http://weblogs.java.net/blog/kohsuke/archive/2009/01/under_the_hood.html Hopefully the "scp" commands still exists when you get access to the shell of the Solaris OS, so you can copy the pre-created keytab into /etc/krb5/krb5.keytab. CAUTION! The /etc/krb5/krb5.keytab is by default shared between the CIFS server and the NFS server. This file will already contain the keytab for the CIFS/SMB service if you have already joined the ZFS Storage Appliance to AD. In which case copy the pre-created keytab from IPA into /etc/krb5/krb5.keytab-IPA, and use ktutil to merge the two files together. I see I've kept the keytab from my AD in the beginning of the file and added the keytab from IPA to the end of the file. I do recall there being some significance to doing it this way. I've written this howto for NexentaStor a while back. Perhaps this will be of some assistance to complete the configuration of the ZFS Storage Appliance too? https://www.redhat.com/archives/freeipa-users/2011-July/msg00033.html Please let me know how you get on. Regards, Siggi
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
