Hi all, don't want to register on FreeIPA nor RedHat/CentOS ticketing systems, but want to make others know about my discovery. Hope somebody will review it and open bug report.
The IPA (Kerberos part) failing to start when supported_enctypes = aes camellia -des3 -des -rc4 listed in kdc.conf for realm. With listing supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal camellia256-cts-cmac:normal camellia128-cts-cmac:normal -des -des3 -rc4 the Kerberos and IPA start successfully. These are the installed and affected versions ipa-server-3.3.3-28.el7.centos.1.x86_64 krb5-server-1.11.3-49.el7.x86_64 krb5-libs-1.11.3-49.el7.x86_64 Hope it will help somebody.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project