Hi guys

I've just installed a RHEL7 server with ipa-server 4.2.0...

Everything seems to work fine, until I add a service principle:

(Running on a client, after a kinit)

[root@dantooine ~]# ipa-getkeytab -s naboo.outerrim.lan -p 
HTTP/naboo.outerrim....@outerrim.lan -k /etc/krb5.keytab
Keytab successfully retrieved and stored in: /etc/krb5.keytab

After running the command, the web-interface returns:

The password or username you entered is incorrect.

when I try to login, and the "ipa" command has stopped working as well (both on 
the server and client):

[root@dantooine ~]# ipa user-show admin
ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: 
Unspecified GSS failure.  Minor code may provide more information (KDC returned 
error string: 2ND_TKT_SERVER)
[root@dantooine ~]# 
[root@dantooine ~]# kdestroy
[root@dantooine ~]# kinit admin
Password for ad...@outerrim.lan: 
[root@dantooine ~]# ipa user-show admin
ipa: ERROR: cannot connect to 'https://naboo.outerrim.lan/ipa/json': 

/var/log/httpd/error_log on the server gives me:

ValueError: non-generic 'CCacheError' needs format=None; got 
format="(-1765328353, 'Decrypt integrity check failed')"

What did I do wrong here???


Martin Juhl

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to