Thanks a lot for your quick reply. Problem has solved itself in the
meanwhile. I failed to run ipa-server-certinstall as I said. Upon
resetting the date/time of the server to the current time it suddenly
worked.
Best,
Andreas
Rob Crittenden via FreeIPA-users [29 Aug
2023 20:55]:
Andreas
I found that 'kinit -n' was prompting me for the password for
WELLKNOWN/anonym...@ipa.example.com. This happened on everal, but not
all clients.
After setting the environment variable KRB5_TRACE=/dev/stderr, the
useful parts of the output of 'kinit -n' were:
[826240] 1693432177.150062: PKINIT