Hello,
Encountered same issue as described here:
https://www.redhat.com/archives/freeipa-users/2013-July/msg00133.html
https://www.redhat.com/archives/freeipa-users/2014-August/msg00224.html
Plain vanilla IPA setup. No changes, no customizations.
Recently IPA fails to start. Error happened right
The DNS server service of AD is running.
I am able to resolve with nslookup command.
I have just restarted the named service and i am able to kinit again.
It looks like the named deamon, cannot recognize that the forwarder is back
online.
Is there some caching mechanism implemented for the forward
On Fri, 19 Sep 2014, Genadi Postrilko wrote:
I have recreated the "problem".
Rebooted the AD and now cannot kinit with AD users.
[root@ipaserver1 ~]# KRB5_TRACE=/dev/stdout kinit y...@blue.com
[22865] 1411157693.26121: Resolving unique ccache of type KEYRING
[22865] 1411157693.26167: Getting ini
Thank you all, will investigate the requirements of host keytabs, and if
there is a way around it by having it shared but secure for our context.
On 18 September 2014 23:04, Dmitri Pal wrote:
> On 09/18/2014 10:12 AM, Walid A. Shaari wrote:
>
> Hi,
>
> we are going to have a use case of diskle
I have recreated the "problem".
Rebooted the AD and now cannot kinit with AD users.
[root@ipaserver1 ~]# KRB5_TRACE=/dev/stdout kinit y...@blue.com
[22865] 1411157693.26121: Resolving unique ccache of type KEYRING
[22865] 1411157693.26167: Getting initial credentials for y...@blue.com
[22865] 1411
On 09/19/2014 04:03 PM, Walid wrote:
Thank you all, will investigate the requirements of host keytabs, and
if there is a way around it by having it shared but secure for our
context.
Couple hints.
1. If you have a keytab stashed and the system was rebuilt you can now
rerun ipa-client-install