[Freeipa-devel] freeIPA + Fedora 9 + xen , can't get passed ipa-finduser admin

[Jaakan Shorter]

thanks Rob and Simo

here is the bug report number https://bugzilla.redhat.com/show_bug.cgi?id=447381

I uninstalled it renamed the server to freeipa.test.net, in lower case
this time.

kinit admin
Password for admin at TEST.NET:

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at TEST.NET

Valid starting     Expires            Service principal
05/19/08 14:42:18  05/20/08 14:42:06  krbtgt/TEST.NET at TEST.NET


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

ipa-finduser admin
Full Name: Administrator
Home Directory: /home/admin
Login Shell: /bin/bash
Login: admin

now I am going to see if I can get up a client to test it all out. Thanks again.
jaakan

On Mon, May 19, 2008 at 2:02 PM, Simo Sorce <ssorce at redhat.com> wrote:
> On Mon, 2008-05-19 at 13:06 -0400, Jaakan Shorter wrote:
>> the servers name is freeIPA.test.net and not freeipa.test.net
>
> DNS names are caseless, freeipa == FREEIPA == freeIPA in theory
>
>> i just noiced this following line is not in caps when all the other ones are.
>>
>> "dn: krbprincipalname=kadmin/freeipa.test.net at TEST.NET,cn=TEST.NET,cn=
>>  kerberos,dc=test,dc=net"
>>
>> how would I fix the principalname? and should the principalname match
>> the server name?
>
> this is the only "correct" principal, the problem is with other
> principals havin capital letters I believe.
>
> The kerberos code expects all lowercase name I think.
>
> You could use ldapmodify or an ldap browsing tool to change the
> krbprincipalname attribute.
>
>> Want me to do an uninstall and rename the server name in lower case
>> and see if it's ok with that?
>
> I think that would solve the issue, would you mind opening a bug in
> bugzilla.redhat.com for the FreeIPA component?
> We should handle this situation by normalizing the names before passing
> them down the stack.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>