On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
> There was something going on with a firewall blocking something and that
> windows host didn't have a cert yet. But still:
> Using Kerberos authentication
> Using principal fh@REALM
> Got host ticket host/test-server-ipa.domain@REALM
> Using username "fh".
> Successful Kerberos connection
> Last login: Mon Jan 7 07:38:19 2013 from ipa-w7.domain
> [fh@test-server-ipa ~]$ klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011)
> klist on the host shows all tickets are forwordable and the forwarding
> option in both putty versions is on.
yes, but the other flag is used by Windows to check if the target
service can be trusted, see e.g. the 'How do I use delegation?' section
on http://support.microsoft.com/kb/266080 .
> Which version of FreeIPA are you using? There are issues in older
> > version which prevents kadmin.local from working.
> The default stable:
> [root@auth-ipa ssl_for_ipa-w7]# rpm -qa |grep ipa-
I'll set up a server and check why kadmin.local is not working.
Freeipa-users mailing list