Hi,
When /tmp is full, it is impossible to authenticate with Kerberos. Login with
password over SSH and sudo don't work. Login with ssh key works fine. Here is
the output in the system log when I try to log on via SSH with password auth
(this is on RHEL 6):
Sep 18 16:56:59 vali sshd[35157]: Se
wrote:
>> On Tue, 2017-09-19 at 20:27 +0200, Jakub Hrozek via FreeIPA-users
>> wrote:
>>> On Mon, Sep 18, 2017 at 05:11:09PM +0200, Marius Bjørnstad via
>>> FreeIPA-users wrote:
>>>> Hi,
>>>>
>>>> When /tmp is full, it is impossi
Hi all,
After I upgraded to FreeIPA 4.5 (on CentOS 7), I get an error "Login failed due
to an unknown reason" on the web UI, no matter if I use the admin user or my
personal user. From what I can tell, all the ipa commands work fine on the
command line, and kinit also works fine.
I have includ
Thanks for the replies! I do have the krb5-pkinit package installed.
ipa-pkinit-manage status was disabled, but enabling it with ipa-pkinit-manage
enable didn't fix the problem.
$ ipa pkinit-status --server=SERVER_NAME
says PKINIT is disabled.
# ipa-pkinit-manage status
now says it is enabled.
only the IP
address of the other master. I changed it to 192.168.1.249, the 4.5 master, and
it works!
> 6. okt. 2017 kl. 11.56 skrev Alexander Bokovoy :
>
> On pe, 06 loka 2017, Marius Bjørnstad via FreeIPA-users wrote:
>> Thanks for the replies! I do have the krb5-pkinit packa
Just learned a new keyboard shortcut in my mail client. Didn't mean to send
without saying thanks a lot, that was very helpful.
> 6. okt. 2017 kl. 12.24 skrev Marius Bjørnstad via FreeIPA-users
> :
>
> Wow that's well spotted! That IP is the 4.4 server (I just blindly as
s master's fqdn
> ipa_server = master.example.com <http://master.example.com/>
>
> SSSD also was updated to not write down KDC locator file in case we are
> running on IPA master (ipa_server_mode = True).
>
>
>>
>>
>>> 6. okt. 2017 kl. 11.56 s
On 23. okt. 2017 19:45, Bhavin Vaidya via FreeIPA-users wrote:
> We did manage to delete the certificates, all but the right one (we
> figured out looking at clients' /etc/ipa/ca.crt)
>
>
I have seen /etc/ipa/ca.crt get out of date before. It wasn't updated
automatically when renewing the CA cert,
Hi list,
A bit of a longshot: We have a Dell/EMC Isilon cluster, which we use for NAS. I
am considering to set up Kerberos authentication for NFSv4, but I'm not able to
create the Service Principal Names (SPNs). I believe kadmin is not supported by
the FreeIPA servers, but wonder if there are a