> Does anyone know why certmonger is looking for a keytab for > host/det-webdl01@. instead of > host/host/det-webdl01.sub.example....@example.com?
In order to authenticate to the IPA server, the client software needs credentials. In order to obtain those credentials, it needs to figure out the client system's principal name. The function it uses to do this derives that principal name by doing a lookup to discover the client host's canonical name, and in this case that appears to be returning the shorter name. I'd check the result of running 'getent hosts `hostname`', and if /etc/hosts has an entry for the hostname that lists the short version first. HTH, Nalin /etc/hosts has both sort and FQDN. I removed the sort and and resubmitted the certificate. That resolved my issue. should I completely remove the short name or is there a way to work around this? _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users