[Freeipa-users] GSSAPI Failure

[Konstantin Kozlov]

Simo Sorce wrote:
> On Fri, 2008-11-14 at 16:40 +0300, Konstantin Kozlov wrote:
>> I tried to remove it with ktadmin.local but it didn't help. What is 
>> proper way to do that given that ipa-tools do not work?
> 
> Use ldapdelete with Directory Manager credentials.
> You have to remoce the one in cn=services, NOT the one in cn=kerberos.
> 

I don't have it in ldap - only this under cn-kerberos:



dn: 
krbprincipalname=ldap/hedgehog.bio.spbcas.ru at BIO.SPBCAS.RU,cn=BIO.SPBCAS.R
  U,cn=kerberos,dc=bio,dc=spbcas,dc=ru
krbTicketFlags: 0
krbPrincipalName: ldap/hedgehog.bio.spbcas.ru at BIO.SPBCAS.RU
krbLastPwdChange: 20081114133612Z
krbExtraData:: AALMfh1JYWRtaW4vYWRtaW5AQklPLlNQQkNBUy5SVQA=
objectClass: krbprincipal
objectClass: krbprincipalaux
objectClass: krbTicketPolicyAux
objectClass: top
krbPasswordExpiration: 19700101000000Z

I suppose its not that.

Kostya