On Tue, Jan 06, 2015 at 08:13:17PM +0300, Ben .T.George wrote: > HI > > thanks for the replay. > > please find below output.it's asking for password and accepting that. but > something wrong > > [root@kwtpocpbis01 ~]# kinit -C adm-ben.geo...@kwttestdc.com > Password for adm-ben.geo...@kwttestdc.com: > > [root@kwtpocpbis01 ~]# getent passwd adm-ben.george
Please try getent passwd adm-ben.geo...@kwttestdc.com We use fully-qualified names to avoid name collisions. Does the kvno command work? bye, Sumit > > [root@kwtpocpbis01 ~]# id adm-ben.george > id: adm-ben.george: no such user > > Regards, > Ben > > On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose <sb...@redhat.com> wrote: > > > On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote: > > > Hi > > > > > > I Tried on IPA server and below is my output: > > > > > > [root@kwtpocpbis01 ~]# kinit adm-ben.geo...@kwttestdc.com > > > Password for adm-ben.geo...@kwttestdc.com: > > > kinit: KDC reply did not match expectations while getting initial > > > credentials > > > > > > how can i troubleshot this issue.? > > > > The argument to kinit is a Kerberos principal which is handled > > case-sensitive by kinit. To get around the error message either use > > > > kinit -C adm-ben.geo...@kwttestdc.com > > > > or > > > > kinit adm-ben.geo...@kwttestdc.com > > > > (typically the realm part is upper-case, if your user name contains > > upper-case letters as well you should use them here as well, if you > > don't know 'kinit -C' might be the better solution) > > > > HTH > > > > bye, > > Sumit > > > > > > Thanks & Regards, > > > Ben > > > > > > > > > On Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose <sb...@redhat.com> wrote: > > > > > > > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote: > > > > > On 01/05/2015 08:35 PM, Ben .T.George wrote: > > > > > > > > > > > >Hi LIst, > > > > > > > > > > > >how to check IPA <-> Active directory trust relationship . i just > > want > > > > to > > > > > >confirm my ipa server is working fine. > > > > > > > > > > On an IPA server or client machine: > > > > > $ kinit adusern...@addomain.com > > > > > Password: aduserpassword > > > > > > > > > > If there are no AD users yet, you can try with > > > > administra...@addomain.com > > > > > assuming you have the AD admin password. > > > > > > > > Additionally you have to check if the AD user can get a ticket for an > > IPA > > > > service e.g. after calling kinit with the AD user call > > > > > > > > kvno ldap/ipaserver.ipa.domain@IPA.DOMAIN > > > > > > > > bye, > > > > Sumit > > > > > > > > > > > > > > > > > > > > >Regards, > > > > > >Ben > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Manage your subscription for the Freeipa-users mailing list: > > > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > Go To http://freeipa.org for more info on the project > > > > > > > > -- > > > > Manage your subscription for the Freeipa-users mailing list: > > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > Go To http://freeipa.org for more info on the project > > > > > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project