Hello the list,
It looks like sssd's horrible logging messages were to blame. It looks like
when the keytab was initially deployed the system time between the IPA
server and the host were not quite in sync and the keytab was invalidated. I
redeployed the host's keytab (which because SLES lacks
Great, it helped.
googled it at
https://www.redhat.com/archives/freeipa-users/2014-March/msg00044.html
Thanks a lot!
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
On 12/04/2017 03:57 PM, skrawczenko--- via FreeIPA-users wrote:
Hello all, i suppose the issue is quite typical but still unable to find any
solution.
All i need is to run some ipa cli commands from scripts with preliminary kinit
I manage to authenticate as
kinit -F -k -t
That allows me to
Hello all, i suppose the issue is quite typical but still unable to find any
solution.
All i need is to run some ipa cli commands from scripts with preliminary kinit
I manage to authenticate as
kinit -F -k -t
That allows me to use ldap for example, i can do ldapsearch -Y GSSAPI etc
However,
UPDATE:
The principle info wrong. I did this and the error hasnt shown up since:
[root@ipa-02 ~]# ipa-getkeytab --keytab=/etc/krb5.keytab --server ipa-01 -p
host/ipa-02 --retrieve
Keytab successfully retrieved and stored in: /etc/krb5.keytab
Thanks for all your help.
On Monday, 4 December
On Mon, Dec 04, 2017 at 09:37:41AM +, James Harrison wrote:
> I ran the ipa-getkeytab command you suggested below:
> This was what I got:BTW: TheIPAUSER is an admin user, but not the "admin"
> user. I got the same result with the admin user.
>
>
> ~] IPA-02 # kinit IPAUSER Password for
I ran the ipa-getkeytab command you suggested below:
This was what I got:BTW: TheIPAUSER is an admin user, but not the "admin" user.
I got the same result with the admin user.
~] IPA-02 # kinit IPAUSER Password for x_ipau...@int.example.com:
~] IPA-02 # ipa-getkeytab