Hello Nathan,
you can file the bug on Red Hat Bugzilla (bugzilla.redhat.com), you can use
this link:
https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206
Thanks in advance!
Martin
On 09/21/2012 05:53 PM, Nathan Lager wrote:
> Sure thing, can you point me to where
Sure thing, can you point me to where i'd do so? I usually have this
sort of thing taken care of via a RedHat support ticket. And the
support rep creates the bug report.
On 09/21/2012 11:19 AM, Dmitri Pal wrote:
>> That, might be worthy of a bug report.
>>
>>
> Can you please file one?
>
__
others wouldnt expire (because no one could
> change passwords).
>
> I had a hunch that because the policy was now set greater than the
> time its been since admin last changed his password, that ipa was
> getting confused when i attempted to change the expired pass. So i
> set
assword, that ipa was
getting confused when i attempted to change the expired pass. So i
set it back to 90. It let me change the expired password.
That, might be worthy of a bug report.
>
>
>> rob
>
>>>
>>>
>>> - Original Message -
>&
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/21/2012 10:18 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
Well, after all of this, RedHat support just resolved my issue!
It came down the the domain_realm definitions in /etc/krb5.conf.
They had me change:
[dom
entials
> rob
>
>>
>>
>> - Original Message -
>>> From: "Nathan Lager" To: "Rob
>>> Crittenden" Cc: freeipa-users@redhat.com
>>> Sent: Thursday, September 20, 2012 2:46:20 PM Subject: R
ay, September 20, 2012 2:46:20 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
On 09/20/2012 02:28 PM, Rob Crittenden wrote:
Nathan Lager wrote:
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: "Rob Crittenden" To: &quo
Message -
> From: "Nathan Lager"
> To: "Rob Crittenden"
> Cc: freeipa-users@redhat.com
> Sent: Thursday, September 20, 2012 2:46:20 PM
> Subject: Re: [Freeipa-users] sudden ipa errors.
> On 09/20/2012 02:28 PM, Rob Crittenden wrote:
> > Nathan Lager
tenden" To: "Nathan
>>>>> Lager" Cc: freeipa-users@redhat.com
>>>>> Sent: Wednesday, September 19, 2012 4:35:30 PM Subject:
>>>>> Re: [Freeipa-users] sudden ipa errors. Nathan Lager wrote:
>>>>>> -BEGIN PGP SIGNED MESSAGE--
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
> Lager, Nathan T. wrote:
>>
>> - Original Message -
>>> From: "Rob Crittenden" To: "Nathan Lager"
>>> Cc: freeipa-users@redhat.com Sent:
>>> Wednesday, September 19, 2012
Nathan Lager wrote:
On 09/20/2012 11:43 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: "Rob Crittenden" To: "Nathan Lager"
Cc: freeipa-users@redhat.com Sent:
Wednesday, September 19, 2012 4:35:30 PM Subject: Re:
[Freeipa-user
Lager, Nathan T. wrote:
- Original Message -
From: "Rob Crittenden"
To: "Nathan Lager"
Cc: freeipa-users@redhat.com
Sent: Wednesday, September 19, 2012 4:35:30 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE--
- Original Message -
> From: "Rob Crittenden"
> To: "Nathan Lager"
> Cc: freeipa-users@redhat.com
> Sent: Wednesday, September 19, 2012 4:35:30 PM
> Subject: Re: [Freeipa-users] sudden ipa errors.
> Nathan Lager wrote:
> > -
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/19/2012 03:47 PM, Rob Crittenden wrote:
Dmitri Pal wrote:
Rob, keytab and kerberos part seems to be fine, ldap works too.
Can it be one of the certs? May be some cert expired?
No, the error is coming from GSSAPI, it i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/19/2012 03:47 PM, Rob Crittenden wrote:
> Dmitri Pal wrote:
>>
>> Rob, keytab and kerberos part seems to be fine, ldap works too.
>> Can it be one of the certs? May be some cert expired?
>
> No, the error is coming from GSSAPI, it is unfortu
t;> From: "Rob Crittenden" To:
> >>>>>>> "Nathan Lager" Cc:
> >>>>>>> freeipa-users@redhat.com Sent: Tuesday, September 18,
> >>>>>>> 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa
> >&g
Lager wrote:
> >>>>
> >>>> On 09/19/2012 10:37 AM, Rob Crittenden wrote:
> >>>>> Lager, Nathan T. wrote:
> >>>>>>
> >>>>>> - Original Message -
> >>>>>>> From: "Rob Cri
AM, Rob Crittenden wrote:
>>>>> Lager, Nathan T. wrote:
>>>>>>
>>>>>> - Original Message -
>>>>>>> From: "Rob Crittenden" To:
>>>>>>> "Nathan Lager" Cc:
>>>>>>> freei
uesday, September 18, 2012 5:17:00 PM Subject: Re:
[Freeipa-users] sudden ipa errors.
Ok, what are the permissions on the keytab,
/etc/httpd/conf/ipa.keytab? They should be apache:apache
mode 0600.
[lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab
-rw--
o: "Nathan
>>>>> Lager" Cc: freeipa-users@redhat.com
>>>>> Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re:
>>>>> [Freeipa-users] sudden ipa errors.
>>>>>
>>>>> Ok, what are the permissions on the ke
Nathan Lager wrote:
On 09/19/2012 10:37 AM, Rob Crittenden wrote:
Lager, Nathan T. wrote:
- Original Message -
From: "Rob Crittenden" To: "Nathan Lager"
Cc: freeipa-users@redhat.com Sent:
Tuesday, September 18, 2012 5:17:00 PM Subject: Re:
[Freeipa-users] su
On 09/19/2012 10:37 AM, Rob Crittenden wrote:
> Lager, Nathan T. wrote:
>>
>> - Original Message -
>>> From: "Rob Crittenden" To: "Nathan Lager"
>>> Cc: freeipa-users@redhat.com Sent:
>>> Tuesday, September 18, 2012
Lager, Nathan T. wrote:
- Original Message -
From: "Rob Crittenden"
To: "Nathan Lager"
Cc: freeipa-users@redhat.com
Sent: Tuesday, September 18, 2012 5:17:00 PM
Subject: Re: [Freeipa-users] sudden ipa errors.
Ok, what are the permissions on the keytab,
/etc/h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/18/2012 04:37 PM, Nathan Lager wrote:
> [Tue Sep 18 16:27:06 2012] [debug] src/mod_auth_kerb.c(1597): [client
> 139.147.7.204] Done obtaining credentials for s4u2proxy, referer:
> https://caroline0.lafayette.edu/ipa/xml
> [Tue Sep 18 16:27:08 20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/18/2012 03:06 PM, Nathan Lager wrote:
> Sorry for falling off like that.
> I opened a RedHat ticket on the issue, and have been running in
> circles with them. I forgot to check on the list for responses.
>
>
> I'm still having problems. Someone
- Original Message -
> From: "Rob Crittenden"
> To: "Nathan Lager"
> Cc: freeipa-users@redhat.com
> Sent: Tuesday, September 18, 2012 5:17:00 PM
> Subject: Re: [Freeipa-users] sudden ipa errors.
>
> Ok, what are the permissions on the keytab,
&g
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
IM going to respond inline to avoid confusion.
On 09/18/2012 03:22 PM, Rob Crittenden wrote:
I think we need to start with the basics, so here is a slew of
questions, things to try:
You said you enabled password auth? Did you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
IM going to respond inline to avoid confusion.
On 09/18/2012 03:22 PM, Rob Crittenden wrote:
>
> I think we need to start with the basics, so here is a slew of
> questions, things to try:
>
> You said you enabled password auth? Did you do this by s
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry for falling off like that.
I opened a RedHat ticket on the issue, and have been running in
circles with them. I forgot to check on the list for responses.
I'm still having problems. Someone suggested I try:
kinit -kt /e
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sorry for falling off like that.
I opened a RedHat ticket on the issue, and have been running in
circles with them. I forgot to check on the list for responses.
I'm still having problems. Someone suggested I try:
kinit -kt /etc/httpd/conf/ipa.keyt
On 08/24/2012 04:43 PM, Rob Crittenden wrote:
> Nathan Lager wrote:
>> This did not seem to help...
>>
>
> What else isn't working? Does the UI work? Do clients on other
> machines work? Does user lookup still work?
>
> rob
Was this issue ever resolved?
>
>>
>> On 08/22/2012 06:02 PM, Rob Critte
Nathan Lager wrote:
This did not seem to help...
What else isn't working? Does the UI work? Do clients on other machines
work? Does user lookup still work?
rob
On 08/22/2012 06:02 PM, Rob Crittenden wrote:
Nathan Lager wrote:
[root@ipaserver PROD krb5kdc]# ipactl status
Directory Servi
- Original Message -
> I have a RHEL ipa server setup and running. Its been running for a
> while now, and suddenly, today, i'm having trouble authenticating to
> it, or changing my password.
>
> The error i'm getting at the command line is:
>
> [lagern@ipaserver PROD ~]$ ipa passwd
> Cu
This did not seem to help...
On 08/22/2012 06:02 PM, Rob Crittenden wrote:
> Nathan Lager wrote:
>> [root@ipaserver PROD krb5kdc]# ipactl status
>> Directory Service: RUNNING
>> KDC Service: RUNNING
>> KPASSWD Service: RUNNING
>> MEMCACHE Service: RUNNING
>> HTTP Service: RUNNING
>> CA Service: R
Nathan Lager wrote:
[root@ipaserver PROD krb5kdc]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipaserver PROD krb5kdc]# rpm -qa | grep ipa-server
ipa-server-selinux-2.2.0-16.el6.x8
[root@ipaserver PROD krb5kdc]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipaserver PROD krb5kdc]# rpm -qa | grep ipa-server
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-server-2.2.0-
Nathan Lager wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I tried the same, kinit, and then ipa passwd commands as before,
here's the output:
Aug 22 14:32:13 ipaserver.lafayette.edu krb5kdc[1438](info): AS_REQ (4
etypes {18 17 16 23}) ipa-servers-ip: NEEDED_PREAUTH:
lag...@systems.lafay
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I tried the same, kinit, and then ipa passwd commands as before,
here's the output:
Aug 22 14:32:13 ipaserver.lafayette.edu krb5kdc[1438](info): AS_REQ (4
etypes {18 17 16 23}) ipa-servers-ip: NEEDED_PREAUTH:
lag...@systems.lafayette.edu for
krbtgt/sy
Nathan Lager wrote:
I have a RHEL ipa server setup and running. Its been running for a
while now, and suddenly, today, i'm having trouble authenticating to
it, or changing my password.
The error i'm getting at the command line is:
[lagern@ipaserver PROD ~]$ ipa passwd
Current Password:
New Pas
39 matches
Mail list logo
