Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-25 Thread Linov Suresh
Great! That worked. Thank you so much Rob. Your help is highly appreciated.
On Thu, Aug 25, 2016 at 3:49 PM, Rob Crittenden wrote:
> Linov Suresh wrote:
>
>> I ran ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02
>> is missing on both master and replica servers. Do we need to a

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-25 Thread Rob Crittenden
Linov Suresh wrote:
> I ran ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02 is missing on both master and replica servers. Do we need to add IPA server 2, ipa02 on both master and replica?
No, it should replicate. I find it very strange that these are missing. I wonder what el

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-25 Thread Linov Suresh
I ran ldapsearch -Y GSSAPI, what we are seeing is IPA server 2, ipa02 is missing on both master and replica servers. Do we need to add IPA server 2, ipa02 on both master and replica?
[root@ipa01 ~]# ldapsearch -Y GSSAPI -H ldap://ipa01.teloip.net -b "cn=s4u2proxy,cn=et

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-24 Thread Linov Suresh
IPA Server 1 does not have HTTP as well as ldap principal. Just wondering how do we add HTTP and ldap principal to the delegation list using ldapmodify. I'm new to IPA, your help is appreciated.
On Wed, Aug 24, 2016 at 4:32 PM, Rob Crittenden wrote:
> Linov Suresh wrote:
>
>> Looks like our issue

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-24 Thread Rob Crittenden
Linov Suresh wrote:
> Looks like our issue is discussed here, and is *missing one or more memberPrincipal*. https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
> When I tried to add the Principal, I'm getting error,
You didn't follow the instructions in the e-mail thread. The

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-24 Thread Linov Suresh
Looks like our issue is discussed here, and is *missing one or more memberPrincipal*. https://www.redhat.com/archives/freeipa-users/2013-April/msg00228.html
When I tried to add the Principal, I'm getting error,
[root@ipa01 ~]# kadmin.local
Authenticating as principal admin/ad...@teloip.net wit

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-16 Thread Martin Kosek
On 08/16/2016 09:25 AM, Petr Spacek wrote:
> On 15.8.2016 20:18, Linov Suresh wrote:
>> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>>
>> We can only add the clients from IPA Server 01, not from IPA Server 02.
>> When I tried to add the client from IPA Server 02, getting the erro

Re: [Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-16 Thread Petr Spacek
On 15.8.2016 20:18, Linov Suresh wrote:
> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>
> We can only add the clients from IPA Server 01, not from IPA Server 02.
> When I tried to add the client from IPA Server 02, getting the error,
>
> ipa: ERROR: Insufficient access: SASL

[Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-15 Thread Linov Suresh
We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
We can only add the clients from IPA Server 01, not from IPA Server 02. When I tried to add the client from IPA Server 02, getting the error,
ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS fai

[Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE

2016-08-05 Thread Linov Suresh
We have FreeIPA 3.0.0 running on CentOS 6.4 and master-ipa01 (configured with --setup-ca option) and replica-ipa02 (configured without --setup-ca) option. We use a script ipa clients to the server, when we tried to add new ipa clients, we are getting error,
ipa: ERROR: Insufficient access: SASL