On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote:
> There was something going on with a firewall blocking something and that
> windows host didn't have a cert yet. But still:
> Using Kerberos authentication
> Using principal fh@REALM
> Got host ticket host/test-server-ipa.domain@REALM
> Using username "fh".
> Successful Kerberos connection
> Last login: Mon Jan  7 07:38:19 2013 from ipa-w7.domain
> [fh@test-server-ipa ~]$ klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011)
> klist on the host shows all tickets are forwordable and the forwarding
> option in both putty versions is on.

yes, but the other flag is used by Windows to check if the target
service can be trusted, see e.g. the 'How do I use delegation?' section
on http://support.microsoft.com/kb/266080 .

> Which version of FreeIPA are you using? There are issues in older
> > version which prevents kadmin.local from working.
> >
> The default stable:
> [root@auth-ipa ssl_for_ipa-w7]# rpm -qa |grep ipa-
> ipa-client-2.2.0-16.el6.x86_64
> ipa-pki-ca-theme-9.0.3-7.el6.noarch
> ipa-admintools-2.2.0-16.el6.x86_64
> ipa-server-selinux-2.2.0-16.el6.x86_64
> ipa-server-2.2.0-16.el6.x86_64
> ipa-pki-common-theme-9.0.3-7.el6.noarch
> ipa-python-2.2.0-16.el6.x86_64

I'll set up a server and check why kadmin.local is not working.


Freeipa-users mailing list

Reply via email to