On Tue, 17 Mar 2015, Ben .T.George wrote:
Hi

i did kinit

[root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
kinit: Keytab contains no suitable keys for
host/kwtpocpbis01.solaris.local@SOLARIS.LOCAL while getting initial
credentials


i destroyed and re-created. but still same
What did you destroy?

Why did you need to touch /etc/dirsrv/ds.keytab at all? It contains key
for ldap/kwtpocpbis01.solaris.local@SOLARIS.LOCAL that your LDAP server
is using. It has nothing to do with your host/... principal.

If your sssd cannot authenticate against AD DC, it means trust is *not*
working and anything else is fruitless unless you fix it.
hat do you see
in /var/log/httpd/error_log as result of dumping netr_LogonControl2Ex structure?


Can you follow
http://www.freeipa.org/page/Active_Directory_trust_setup#Debugging_trust
and tell what do you see in /var/log/httpd/error_log as result of
dumping netr_LogonControl2Ex structure?

We went through this few weeks ago and I'm not seeing what did you
broke.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to