Re: [Freeipa-users] sudden ipa errors.

2012-09-24 Thread Martin Kosek
Hello Nathan, you can file the bug on Red Hat Bugzilla (bugzilla.redhat.com), you can use this link: https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%206 Thanks in advance! Martin On 09/21/2012 05:53 PM, Nathan Lager wrote: Sure thing, can you point me to where

Re: [Freeipa-users] sudden ipa errors.

2012-09-21 Thread Rob Crittenden
: Thursday, September 20, 2012 2:46:20 PM Subject: Re: [Freeipa-users] sudden ipa errors. On 09/20/2012 02:28 PM, Rob Crittenden wrote: Nathan Lager wrote: On 09/20/2012 11:43 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com

Re: [Freeipa-users] sudden ipa errors.

2012-09-21 Thread Nathan Lager
, September 20, 2012 2:46:20 PM Subject: Re: [Freeipa-users] sudden ipa errors. On 09/20/2012 02:28 PM, Rob Crittenden wrote: Nathan Lager wrote: On 09/20/2012 11:43 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com

Re: [Freeipa-users] sudden ipa errors.

2012-09-21 Thread Rob Crittenden
Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/21/2012 10:18 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: Well, after all of this, RedHat support just resolved my issue! It came down the the domain_realm definitions in /etc/krb5.conf. They had me change:

Re: [Freeipa-users] sudden ipa errors.

2012-09-21 Thread Dmitri Pal
: freeipa-users@redhat.com Sent: Thursday, September 20, 2012 2:46:20 PM Subject: Re: [Freeipa-users] sudden ipa errors. On 09/20/2012 02:28 PM, Rob Crittenden wrote: Nathan Lager wrote: On 09/20/2012 11:43 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: - Original Message

Re: [Freeipa-users] sudden ipa errors.

2012-09-21 Thread Nathan Lager
Sure thing, can you point me to where i'd do so? I usually have this sort of thing taken care of via a RedHat support ticket. And the support rep creates the bug report. On 09/21/2012 11:19 AM, Dmitri Pal wrote: That, might be worthy of a bug report. Can you please file one?

Re: [Freeipa-users] sudden ipa errors.

2012-09-20 Thread Rob Crittenden
Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Wednesday, September 19, 2012 4:35:30 PM Subject: Re: [Freeipa-users] sudden ipa errors. Nathan Lager wrote: -BEGIN PGP

Re: [Freeipa-users] sudden ipa errors.

2012-09-20 Thread Rob Crittenden
: [Freeipa-users] sudden ipa errors. Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2012 03:47 PM, Rob Crittenden wrote: Dmitri Pal wrote: Rob, keytab and kerberos part seems to be fine, ldap works too. Can it be one of the certs? May be some cert expired

Re: [Freeipa-users] sudden ipa errors.

2012-09-20 Thread Nathan Lager
On 09/20/2012 11:43 AM, Rob Crittenden wrote: Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Wednesday, September 19, 2012 4:35:30 PM Subject: Re: [Freeipa-users

Re: [Freeipa-users] sudden ipa errors.

2012-09-20 Thread Nathan Lager
: Wednesday, September 19, 2012 4:35:30 PM Subject: Re: [Freeipa-users] sudden ipa errors. Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2012 03:47 PM, Rob Crittenden wrote: Dmitri Pal wrote: Rob, keytab and kerberos part seems to be fine, ldap works too. Can

Re: [Freeipa-users] sudden ipa errors.

2012-09-20 Thread Lager, Nathan T.
Message - From: Nathan Lager lag...@lafayette.edu To: Rob Crittenden rcrit...@redhat.com Cc: freeipa-users@redhat.com Sent: Thursday, September 20, 2012 2:46:20 PM Subject: Re: [Freeipa-users] sudden ipa errors. On 09/20/2012 02:28 PM, Rob Crittenden wrote: Nathan Lager wrote: On 09/20

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Dmitri Pal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/18/2012 03:06 PM, Nathan Lager wrote: Sorry for falling off like that. I opened a RedHat ticket on the issue, and have been running in circles with them. I forgot to check on the list for responses. I'm still having problems. Someone

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Rob Crittenden
Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Rob Crittenden
: [Freeipa-users] sudden ipa errors. Ok, what are the permissions on the keytab, /etc/httpd/conf/ipa.keytab? They should be apache:apache mode 0600. [lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab -rw---. apache apache unconfined_u:object_r:httpd_config_t:s0 /etc/httpd/conf/ipa.keytab

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Nathan Lager
: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions on the keytab, /etc/httpd/conf/ipa.keytab? They should be apache:apache mode 0600. [lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab -rw---. apache apache

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Rob Crittenden
@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions on the keytab, /etc/httpd/conf/ipa.keytab? They should be apache:apache mode 0600. [lagern@caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab -rw---. apache apache

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Nathan Lager
- From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions on the keytab, /etc/httpd/conf/ipa.keytab? They should

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Dmitri Pal
, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Rob Crittenden
, Rob Crittenden wrote: Lager, Nathan T. wrote: - Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Nathan Lager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2012 03:47 PM, Rob Crittenden wrote: Dmitri Pal wrote: Rob, keytab and kerberos part seems to be fine, ldap works too. Can it be one of the certs? May be some cert expired? No, the error is coming from GSSAPI, it is unfortunately

Re: [Freeipa-users] sudden ipa errors.

2012-09-19 Thread Rob Crittenden
Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2012 03:47 PM, Rob Crittenden wrote: Dmitri Pal wrote: Rob, keytab and kerberos part seems to be fine, ldap works too. Can it be one of the certs? May be some cert expired? No, the error is coming from GSSAPI, it

Re: [Freeipa-users] sudden ipa errors.

2012-09-18 Thread Rob Crittenden
Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry for falling off like that. I opened a RedHat ticket on the issue, and have been running in circles with them. I forgot to check on the list for responses. I'm still having problems. Someone suggested I try: kinit -kt

Re: [Freeipa-users] sudden ipa errors.

2012-09-18 Thread Nathan Lager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 IM going to respond inline to avoid confusion. On 09/18/2012 03:22 PM, Rob Crittenden wrote: I think we need to start with the basics, so here is a slew of questions, things to try: You said you enabled password auth? Did you do this by

Re: [Freeipa-users] sudden ipa errors.

2012-09-18 Thread Rob Crittenden
Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 IM going to respond inline to avoid confusion. On 09/18/2012 03:22 PM, Rob Crittenden wrote: I think we need to start with the basics, so here is a slew of questions, things to try: You said you enabled password auth? Did you

Re: [Freeipa-users] sudden ipa errors.

2012-09-18 Thread Lager, Nathan T.
- Original Message - From: Rob Crittenden rcrit...@redhat.com To: Nathan Lager lag...@lafayette.edu Cc: freeipa-users@redhat.com Sent: Tuesday, September 18, 2012 5:17:00 PM Subject: Re: [Freeipa-users] sudden ipa errors. Ok, what are the permissions on the keytab, /etc/httpd

Re: [Freeipa-users] sudden ipa errors.

2012-09-10 Thread Dmitri Pal
On 08/24/2012 04:43 PM, Rob Crittenden wrote: Nathan Lager wrote: This did not seem to help... What else isn't working? Does the UI work? Do clients on other machines work? Does user lookup still work? rob Was this issue ever resolved? On 08/22/2012 06:02 PM, Rob Crittenden wrote:

Re: [Freeipa-users] sudden ipa errors.

2012-08-24 Thread Rob Crittenden
Nathan Lager wrote: This did not seem to help... What else isn't working? Does the UI work? Do clients on other machines work? Does user lookup still work? rob On 08/22/2012 06:02 PM, Rob Crittenden wrote: Nathan Lager wrote: [root@ipaserver PROD krb5kdc]# ipactl status Directory

Re: [Freeipa-users] sudden ipa errors.

2012-08-23 Thread Nathan Lager
This did not seem to help... On 08/22/2012 06:02 PM, Rob Crittenden wrote: Nathan Lager wrote: [root@ipaserver PROD krb5kdc]# ipactl status Directory Service: RUNNING KDC Service: RUNNING KPASSWD Service: RUNNING MEMCACHE Service: RUNNING HTTP Service: RUNNING CA Service: RUNNING

Re: [Freeipa-users] sudden ipa errors.

2012-08-23 Thread Simo Sorce
- Original Message - I have a RHEL ipa server setup and running. Its been running for a while now, and suddenly, today, i'm having trouble authenticating to it, or changing my password. The error i'm getting at the command line is: [lagern@ipaserver PROD ~]$ ipa passwd Current

Re: [Freeipa-users] sudden ipa errors.

2012-08-22 Thread Rob Crittenden
Nathan Lager wrote: I have a RHEL ipa server setup and running. Its been running for a while now, and suddenly, today, i'm having trouble authenticating to it, or changing my password. The error i'm getting at the command line is: [lagern@ipaserver PROD ~]$ ipa passwd Current Password: New

Re: [Freeipa-users] sudden ipa errors.

2012-08-22 Thread Nathan Lager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I tried the same, kinit, and then ipa passwd commands as before, here's the output: Aug 22 14:32:13 ipaserver.lafayette.edu krb5kdc[1438](info): AS_REQ (4 etypes {18 17 16 23}) ipa-servers-ip: NEEDED_PREAUTH: lag...@systems.lafayette.edu for

Re: [Freeipa-users] sudden ipa errors.

2012-08-22 Thread Rob Crittenden
Nathan Lager wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I tried the same, kinit, and then ipa passwd commands as before, here's the output: Aug 22 14:32:13 ipaserver.lafayette.edu krb5kdc[1438](info): AS_REQ (4 etypes {18 17 16 23}) ipa-servers-ip: NEEDED_PREAUTH:

Re: [Freeipa-users] sudden ipa errors.

2012-08-22 Thread Nathan Lager
[root@ipaserver PROD krb5kdc]# ipactl status Directory Service: RUNNING KDC Service: RUNNING KPASSWD Service: RUNNING MEMCACHE Service: RUNNING HTTP Service: RUNNING CA Service: RUNNING [root@ipaserver PROD krb5kdc]# rpm -qa | grep ipa-server ipa-server-selinux-2.2.0-16.el6.x86_64

Re: [Freeipa-users] sudden ipa errors.

2012-08-22 Thread Rob Crittenden
Nathan Lager wrote: [root@ipaserver PROD krb5kdc]# ipactl status Directory Service: RUNNING KDC Service: RUNNING KPASSWD Service: RUNNING MEMCACHE Service: RUNNING HTTP Service: RUNNING CA Service: RUNNING [root@ipaserver PROD krb5kdc]# rpm -qa | grep ipa-server