Hi guys I've just installed a RHEL7 server with ipa-server 4.2.0...
Everything seems to work fine, until I add a service principle: (Running on a client, after a kinit) [root@dantooine ~]# ipa-getkeytab -s naboo.outerrim.lan -p HTTP/naboo.outerrim....@outerrim.lan -k /etc/krb5.keytab Keytab successfully retrieved and stored in: /etc/krb5.keytab After running the command, the web-interface returns: The password or username you entered is incorrect. when I try to login, and the "ipa" command has stopped working as well (both on the server and client): [root@dantooine ~]# ipa user-show admin ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (KDC returned error string: 2ND_TKT_SERVER) [root@dantooine ~]# [root@dantooine ~]# kdestroy [root@dantooine ~]# kinit admin Password for ad...@outerrim.lan: [root@dantooine ~]# ipa user-show admin ipa: ERROR: cannot connect to 'https://naboo.outerrim.lan/ipa/json': Unauthorized /var/log/httpd/error_log on the server gives me: ValueError: non-generic 'CCacheError' needs format=None; got format="(-1765328353, 'Decrypt integrity check failed')" What did I do wrong here??? Regards Martin Juhl -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project