> -----Original Message-----
> 
> My syntax was all wrong. (Does anyone know how can I clear out bad syntax from
> the systemctld output?)
> 
> Anyway, I have a running dirsrv, but SMB still fails, and it's failing on 
> winbind first
> (see notes below). It looks like it's because there's no Kerberos server 
> available.
> Indeed, kinit admin is still failing. I think that when I ran 
> ipa-adtrust-install I said no
> to creating sids for local users.
> 
> I'm beginning to think that is the root error, but have a feeling that 
> winbind isn't
> helping either.
> 
> 
> Does this seem more likely?


After some more work on this, I see from this documentation that winbind is 
required:

http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf

(although we are only using one way trusts - does that change anything?)


Also, after getting a lot of errors that looked like

krb5kdc: cannot initialize realm UNIX.CO.ORG.AU - see log file for details

Server error - while fetching master key K/M for realm UNIX.CO.ORG.AU

I thought maybe it was because I'd created the realm with lower case - I had a 
file /var/kerberos/krb5kdc/.k5.unix.co.org.au

So I tried destroying that and creating a UNIX.CO.ORG.AU although now I have a 
new problem - 

add_principal: Kerberos database constraints violated while creating 
UNIX.CO.ORG.AU

I discover that I'm meant to use ipa service-add (I presume 
cifs/UNIX.CO.ORG.AU), but that fails bc no Kerberos credentials.

Now everything I google takes me, essentially, to the "install ipa" page.

Should I just run ipa-server-install and  ipa-adtrust-install again? Does that 
re-write all the important things? Or should I yum remove, then yum install 
again? (if this is the solution I should try)....

Cheers
L.



This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to