[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Vinícius Ferrão wrote: > Hi guys! Good news. > >> On 15 Feb 2021, at 20:11, Rob Crittenden > > wrote: >> >> Vinícius Ferrão via FreeIPA-users wrote: >>> Hi Robbie. >>> On 15 Feb 2021, at 18:45, Robbie Harwood >>> > wrote:

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Hi guys! Good news. On 15 Feb 2021, at 20:11, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: Vinícius Ferrão via FreeIPA-users wrote: Hi Robbie. On 15 Feb 2021, at 18:45, Robbie Harwood mailto:rharw...@redhat.com>> wrote: Vinícius Ferrão writes: [10/Feb/2021:23:05:57.501853962 -0300]

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Vinícius Ferrão via FreeIPA-users wrote: > Hi Robbie. > >> On 15 Feb 2021, at 18:45, Robbie Harwood wrote: >> >> Vinícius Ferrão writes: >> >>> [10/Feb/2021:23:05:57.501853962 -0300] conn=92 op=1 RESULT err=49 tag=97 >>> nentries=0 etime=0.001927716 - SASL(-1): generic failure: GSSAPI Error:

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Hi Robbie. > On 15 Feb 2021, at 18:45, Robbie Harwood wrote: > > Vinícius Ferrão writes: > >> [10/Feb/2021:23:05:57.501853962 -0300] conn=92 op=1 RESULT err=49 tag=97 >> nentries=0 etime=0.001927716 - SASL(-1): generic failure: GSSAPI Error: >> Unspecified GSS failure. Minor code may

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Vinícius Ferrão writes: > [10/Feb/2021:23:05:57.501853962 -0300] conn=92 op=1 RESULT err=49 tag=97 > nentries=0 etime=0.001927716 - SASL(-1): generic failure: GSSAPI Error: > Unspecified GSS failure. Minor code may provide more information (Cannot > create replay cache file /var/tmp/ldap_389:

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Vinícius Ferrão wrote: > Hi Rob. > >> On 15 Feb 2021, at 10:58, Rob Crittenden > > wrote: >> >> Vinícius Ferrão wrote: >>> Hi Rob. >>> >>> Actually nothing that relies on Kerberos Keytabs is working. >> >> Kerberos is working. The kinit was successful. > > Sorry

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Hi Rob. On 15 Feb 2021, at 10:58, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: Vinícius Ferrão wrote: Hi Rob. Actually nothing that relies on Kerberos Keytabs is working. Kerberos is working. The kinit was successful. Sorry perhaps I didn’t say it correctly. In fact Kerberos is working

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Vinícius Ferrão wrote: > Hi Rob. > > Actually nothing that relies on Kerberos Keytabs is working. Kerberos is working. The kinit was successful. > I can properly issue kinit’s and login, but I can’t use ‘ipa’ commands > for instance. named-pkcs11 is only starting up because I’ve changed the >

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Hi Rob. Actually nothing that relies on Kerberos Keytabs is working. I can properly issue kinit’s and login, but I can’t use ‘ipa’ commands for instance. named-pkcs11 is only starting up because I’ve changed the authentication method on /etc/named.conf: /* WARNING: This part of the config

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Just to confirm, the system is working with the exception of ipa-dnskeysyncd.service? Does this work? # kinit -kt /etc/ipa/dnssec/ipa-dnskeysyncd.keytab ipa-dnskeysyncd/neumann2.cluster.cetene.gov.br # ipa user-show admin This will get a ticket and then use that ticket. rob Vinícius Ferrão

[Freeipa-users] Re: Kerberos appears to be broken on a FreeIPA server on CentOS 7.8

Hello, I still not sure of what is happening but, I got some interesting error message on ipa-healthcheck: [root@neumann2 keytabs]# ipa-healthcheck --failures-only --output-type human CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: Insufficient access: Invalid credentials ERROR: