[Freeipa-users] Kerberos Authentication (again)
Rob Crittenden
rcritten at redhat.com
Thu Dec 11 14:17:00 UTC 2008
Fraginhell wrote:
> Yes I cannot create the service, It works on the IPA server, I can
> create it there ( and delete it again) maybe thats the problem.
> I'm sure its not on the IPA server anymore as
>
> ipa-findservice host/ipaclient.labs.example.com.au
> No entries found for host/ipaclient.labs.example.com.au
>
> I just checked the clients /etc/krb5.keytab file and it does not exist.
> What bothers me is on the server (/var/log/krb5kdc.log) the log says
> UNKOWN_SERVER I'm not sure how much of the problem this is.
>
> Dec 11 14:59:41 ipaserver.labs.example.com.au krb5kdc[2005](info):
> TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.212.50.31: UNKNOWN_SERVER:
> authtime 1228964598, admin at LABS.EXAMPLE.COM.AU for
> ldap/ipasever.labs.example.com.au at LABS.EXAMPLE.COM.AU, Server not
> found in Kerberos database
Note the server it is trying to get a ticket for
ipasever.labs.example.com.au (mis-spelled)
Can you check /etc/ipa/ipa.conf to see if that contains the misspelled
server name?
rob
More information about the Freeipa-users
mailing list