On pe, 06 loka 2017, Marius Bjørnstad via FreeIPA-users wrote:
That's right, I did have ipa_server set to _srv_, must have edited it at one
point.
If you added this master through replica promotion, _srv_ might have
been left from the previous ipa-client-install.
6. okt. 2017 kl. 12.37 skr
That's right, I did have ipa_server set to _srv_, must have edited it at one
point.
> 6. okt. 2017 kl. 12.37 skrev Alexander Bokovoy :
>
> On pe, 06 loka 2017, Marius Bjørnstad wrote:
>> Wow that's well spotted! That IP is the 4.4 server (I just blindly
>> assumed that it would use the value in
On pe, 06 loka 2017, Marius Bjørnstad wrote:
Wow that's well spotted! That IP is the 4.4 server (I just blindly
assumed that it would use the value in krb5.conf, which is the 4.5
server). It goes to 248 every time.
strace showed me that kinit gets the IP address from
/var/lib/sss/pubconf/kdcinf
Just learned a new keyboard shortcut in my mail client. Didn't mean to send
without saying thanks a lot, that was very helpful.
> 6. okt. 2017 kl. 12.24 skrev Marius Bjørnstad via FreeIPA-users
> :
>
> Wow that's well spotted! That IP is the 4.4 server (I just blindly assumed
> that it would
Wow that's well spotted! That IP is the 4.4 server (I just blindly assumed that
it would use the value in krb5.conf, which is the 4.5 server). It goes to 248
every time.
strace showed me that kinit gets the IP address from
/var/lib/sss/pubconf/kdcinfo.OUS.NSC.LOCAL. This file contains only the
On pe, 06 loka 2017, Marius Bjørnstad via FreeIPA-users wrote:
Thanks for the replies! I do have the krb5-pkinit package installed.
ipa-pkinit-manage status was disabled, but enabling it with ipa-pkinit-manage
enable didn't fix the problem.
$ ipa pkinit-status --server=SERVER_NAME
says PKINIT i
Thanks for the replies! I do have the krb5-pkinit package installed.
ipa-pkinit-manage status was disabled, but enabling it with ipa-pkinit-manage
enable didn't fix the problem.
$ ipa pkinit-status --server=SERVER_NAME
says PKINIT is disabled.
# ipa-pkinit-manage status
now says it is enabled.
On to, 05 loka 2017, Jochen Hein wrote:
Alexander Bokovoy writes:
On to, 05 loka 2017, Jochen Hein via FreeIPA-users wrote:
[Thu Oct 05 11:36:38.505372 2017] [:error] [pid 7424] [remote
192.168.1.48:244] CalledProcessError: Command '/usr/bin/kinit -n -c
/var/run/ipa/ccaches/armor_7424 -X
X5
Alexander Bokovoy writes:
> On to, 05 loka 2017, Jochen Hein via FreeIPA-users wrote:
>>> [Thu Oct 05 11:36:38.505372 2017] [:error] [pid 7424] [remote
>>> 192.168.1.48:244] CalledProcessError: Command '/usr/bin/kinit -n -c
>>> /var/run/ipa/ccaches/armor_7424 -X
>>> X509_anchors=FILE:/var/kerber
