Ok, Gady sent the complete file out-of-band and the temporary krb5.conf
the client installer creates looks ok. It does include files from
/var/lib/sss/pubconf/krb5.include.d/. Can you see if there are any files
in there and if so, what the contents are?
BTW, what distro and release of
[root@cd-s-prd-db1 krb5.include.d]# ls -l
-rw-r--r--. 1 root root 224 Apr 9 07:24 domain_realm_ipa_candeal_ca
-rw-r--r--. 1 root root 118 Apr 9 07:24 localauth_plugin
[root@cd-s-prd-db1 krb5.include.d]# cat domain_realm_ipa_candeal_ca
# Generated by NetworkManager
search ipa.candeal.ca
On (20/04/16 20:10), Gady Notrica wrote:
>[root@cd-s-prd-db1 krb5.include.d]# ls -l
>
>-rw-r--r--. 1 root root 224 Apr 9 07:24 domain_realm_ipa_candeal_ca
>
>-rw-r--r--. 1 root root 118 Apr 9 07:24 localauth_plugin
>
>
>
>[root@cd-s-prd-db1 krb5.include.d]# cat domain_realm_ipa_candeal_ca
>
>#
You guys are awesome
# ipa-client-install --enable-dns-updates --mkhomedir --no-ntp
Discovery was successful!
…
Continue to configure the system with these values? [no]: yes
…
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Please find below the kr5.conf. Still has with original content.
[root@prddb1]# ipa-client-install
Discovery was successful!
...
Continue to configure the system with these values? [no]: yes
Kerberos authentication failed: kinit: Improper format of Kerberos
configuration file while
Gady Notrica wrote:
Thank you guys for your help.
Still can't enroll the client. Any suggestion on the errors below?
/Kerberos authentication failed: kinit: Improper format of Kerberos
configuration file while initializing Kerberos 5 library/
What does /etc/krb5.conf look like?
Gady Notrica wrote:
Please find below the kr5.conf. Still has with original content.
[root@prddb1]# ipa-client-install
Discovery was successful!
...
Continue to configure the system with these values? [no]: yes
Kerberos authentication failed: kinit: Improper format of Kerberos
Original file attached - no changes to the file
Gady
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: April 20, 2016 3:52 PM
To: Gady Notrica; Martin Basti; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-client-install errors
Gady Notrica wrote:
>
Hi
I'm getting the following warning on RHEL7 ipa servers
(ipa-server-4.2.0-15.el7_2.6.1.x86_64).
$ ipa-replica-manage list
ipa: WARNING: session memcached servers not running
aaa.xxx.yyy: master
bbb.xxx.yyy: master
Can someone advise please on what the session memcached servers are for
and
Roderick Johnstone wrote:
Hi
I'm getting the following warning on RHEL7 ipa servers
(ipa-server-4.2.0-15.el7_2.6.1.x86_64).
$ ipa-replica-manage list
ipa: WARNING: session memcached servers not running
aaa.xxx.yyy: master
bbb.xxx.yyy: master
Can someone advise please on what the session
Hello,
I'm trying to set up a self-service page for a new IPA domain and I'm
trying to use PWM for that.
When I try to bind to FreeIPA from within PWM, with the configured "LDAP
Proxy User", I get the following error:
error connecting to ldap server 'ldaps://polonium.ipa.rdmedia.com:636':
On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote:
After doing a yum update on April 14 we are experiencing this error on an ipa
user-add:
ipa: ERROR: missing attribute "nisMapName" required by object class
"nisMap"
The /var/log/ipaupgrade.log is too large to attach but I didn't see any
Hello World,
I am having these errors trying to install ipa-client-install. Every other
machine is fine and they IPA servers are functioning perfectly
Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Kerberos authentication failed: kinit: Improper format of Kerberos
On Wed, 20 Apr 2016, Tiemen Ruiten wrote:
Hello,
I'm trying to set up a self-service page for a new IPA domain and I'm
trying to use PWM for that.
When I try to bind to FreeIPA from within PWM, with the configured "LDAP
Proxy User", I get the following error:
error connecting to ldap server
On 20/04/16 14:03, Rob Crittenden wrote:
Roderick Johnstone wrote:
Hi
I'm getting the following warning on RHEL7 ipa servers
(ipa-server-4.2.0-15.el7_2.6.1.x86_64).
$ ipa-replica-manage list
ipa: WARNING: session memcached servers not running
aaa.xxx.yyy: master
bbb.xxx.yyy: master
Can
On 20.04.2016 18:00, Gady Notrica wrote:
Hello World,
I am having these errors trying to install ipa-client-install. Every
other machine is fine and they IPA servers are functioning perfectly
Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Kerberos authentication failed:
On 04/20/2016 06:00 PM, Gady Notrica wrote:
Hello World,
I am having these errors trying to install ipa-client-install. Every
other machine is fine and they IPA servers are functioning perfectly
Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Kerberos authentication failed:
Please find attached the install log
Gady
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky
Sent: April 20, 2016 1:04 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-client-install errors
On
On 04/20/2016 07:12 PM, Gady Notrica wrote:
Please find attached the install log
Gady
-Original Message-
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Martin Babinsky
Sent: April 20, 2016 1:04 PM
To: freeipa-users@redhat.com
Subject: Re:
Thank you Martin, I have tried many different ways. I can't seem to be able to
remove anything in the file.
Gady
From: Martin Basti [mailto:mba...@redhat.com]
Sent: April 20, 2016 12:50 PM
To: Gady Notrica; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] ipa-client-install errors
On
Hi Daryl,
please always reply to the list.
On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote:
On 04/20/16 11:10, Alexander Bokovoy wrote:
On Wed, 20 Apr 2016, Daryl Fonseca-Holt wrote:
After doing a yum update on April 14 we are experiencing this
error on an ipa
user-add:
ipa: ERROR:
Any specific command in particular to remove that keytab?
Since these don't work
[root@cprddb1 /]# ipa-rmkeytab -r DOMAIN.COM -k /etc/krb5.keytab
Kerberos context initialization failed
[root@prddb1 /]# ipa-rmkeytab -p ldap/prddb1.ipa.domain.com -k /etc/krb5.keytab
Kerberos context
Thanks Alexander, that got my past that error.
I created the sysaccount and I can bind successfully, but in accordance
with the documentation, it doesn't have rights to modify other users:
Unexpected error while testing ldap test user LDAP ⇨ LDAP Directories ⇨
default ⇨ LDAP Test User, error:
Martin Basti wrote:
On 20.04.2016 18:00, Gady Notrica wrote:
Hello World,
I am having these errors trying to install ipa-client-install. Every
other machine is fine and they IPA servers are functioning perfectly
Error trying to clean keytab: /usr/sbin/ipa-rmkeytab returned 1
Kerberos
Sumit,
Raised the debug level to 10 and let it run for about 24 hours. Uploading
the last 2000~ lines of the sssd_domain.com.log. Thanks for your help!
https://pastebin.com/MD6N1Dj7
Jeff Hallyburton
Strategic Systems Engineer
Bloomip Inc.
Web: http://www.bloomip.com
Engineering Support:
hi Gady,
On Wed, Apr 20, 2016 at 8:11 PM, Gady Notrica wrote:
> Any specific command in particular to remove that keytab?
>
> Since these don't work
>
> [root@cprddb1 /]# ipa-rmkeytab -r DOMAIN.COM -k /etc/krb5.keytab
> Kerberos context initialization failed
> [root@prddb1
Hi list,
This is an re-occurring subject; the dreaded expired certificate.
I am following the renew here
http://www.freeipa.org/page/IPA_2x_Certificate_Renewal and testing on a
clone VM and I am able to get to the step where the serial number is being
replaced:
ldapmodify -x -h localhost -p
Thank you guys for your help.
Still can't enroll the client. Any suggestion on the errors below?
Kerberos authentication failed: kinit: Improper format of Kerberos
configuration file while initializing Kerberos 5 library
Installation failed. Rolling back changes.
Failed to list
28 matches
Mail list logo