On Mon, 2016-12-19 at 17:26 +0100, Martin Basti wrote: > > On 19.12.2016 13:19, Brian J. Murrell wrote: > > On Mon, 2016-12-19 at 09:42 +0100, Martin Basti wrote: > > > Hello, > > > > > > could you recheck with SElinux in permissive mode? > > > > Yeah, still happens even after doing: > > > > # setenforce 0 > > > > Cheers, > > b. > > could you please kinit as service? > > > kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa- > dnskeysyncd/$(hostname)
# kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/server.example.com # klist Ticket cache: KEYRING:persistent:0:0 Default principal: ipa-dnskeysyncd/server.example....@example.com Valid starting Expires Service principal 19/12/16 15:20:20 20/12/16 15:20:20 krbtgt/example....@example.com Seems to have worked. FWIW, I was not asked for any password. Cheers, b.
Description: This is a digitally signed message part