[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-11-28 Thread Alexander Bokovoy via FreeIPA-users
On Чцв, 07 вер 2023, Sam Morris via FreeIPA-users wrote: On 07/09/2023 13:35, Alexander Bokovoy via FreeIPA-users wrote: On Чцв, 07 вер 2023, Sam Morris wrote: On Wed, Sep 06, 2023 at 02:50:32PM +0300, Alexander Bokovoy via FreeIPA-users wrote: It would help to see logs (krb5kdc.log) from

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-07 Thread Sam Morris via FreeIPA-users
On 07/09/2023 13:35, Alexander Bokovoy via FreeIPA-users wrote: On Чцв, 07 вер 2023, Sam Morris wrote: On Wed, Sep 06, 2023 at 02:50:32PM +0300, Alexander Bokovoy via FreeIPA-users wrote: It would help to see logs (krb5kdc.log) from RHEL8 servers for this communication, both on ipa5/ipa6 and

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-07 Thread Alexander Bokovoy via FreeIPA-users
On Чцв, 07 вер 2023, Sam Morris wrote: On Wed, Sep 06, 2023 at 02:50:32PM +0300, Alexander Bokovoy via FreeIPA-users wrote: It would help to see logs (krb5kdc.log) from RHEL8 servers for this communication, both on ipa5/ipa6 and back to xoanon. I've created a script to test this

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-07 Thread Sam Morris via FreeIPA-users
On Wed, Sep 06, 2023 at 02:50:32PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > It would help to see logs (krb5kdc.log) from RHEL8 servers for this > communication, both on ipa5/ipa6 and back to xoanon. I've created a script to test this automatically. [root@xoanon ~]# (set -eu;

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-06 Thread Alexander Bokovoy via FreeIPA-users
On Аўт, 05 вер 2023, Sam Morris wrote: On Tue, Sep 05, 2023 at 07:22:51PM +0100, Sam Morris via FreeIPA-users wrote: On Tue, Sep 05, 2023 at 08:14:28PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > Since you are saying it started after May 2023, that might be actually > the 4.9.11

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-05 Thread Sam Morris via FreeIPA-users
On Tue, Sep 05, 2023 at 07:22:51PM +0100, Sam Morris via FreeIPA-users wrote: > On Tue, Sep 05, 2023 at 08:14:28PM +0300, Alexander Bokovoy via FreeIPA-users > wrote: > > Since you are saying it started after May 2023, that might be actually > > the 4.9.11 change. This would affect services which

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-05 Thread Sam Morris via FreeIPA-users
On Tue, Sep 05, 2023 at 08:14:28PM +0300, Alexander Bokovoy via FreeIPA-users wrote: > Since you are saying it started after May 2023, that might be actually > the 4.9.11 change. This would affect services which have no constrained > delegation rules on defined. I guess that explains why, if I

[Freeipa-users] Re: Constrained delegation for host/service principals broken on RHEL 8 servers?

2023-09-05 Thread Alexander Bokovoy via FreeIPA-users
On Аўт, 05 вер 2023, Sam Morris via FreeIPA-users wrote: On Mon, Sep 04, 2023 at 06:43:02PM +0100, Sam Morris via FreeIPA-users wrote: I get the same when I run it on ipa3 (also running RHEL 8). I changed 'server' in /etc/ipa/default.conf to point to this server and I see the same errors: