[Freeipa-users] GSSAPI Failure

Konstantin Kozlov kozlov at spbcas.ru
Thu Nov 20 12:49:37 UTC 2008


Simo Sorce wrote:
> On Fri, 2008-11-14 at 17:11 +0300, Konstantin Kozlov wrote:
>> Simo Sorce wrote:
>>> On Fri, 2008-11-14 at 16:40 +0300, Konstantin Kozlov wrote:
>>>> I tried to remove it with ktadmin.local but it didn't help. What is 
>>>> the proper way to do that given that ipa-tools do not work?
>>> Use ldapdelete with Directory Manager credentials.
>>> You have to remove the one in cn=services, NOT the one in cn=kerberos.
>>>
>> I don't have it in ldap - only this under cn-kerberos:
>>
>>
>>
>> dn: 
>> krbprincipalname=ldap/hedgehog.bio.spbcas.ru at BIO.SPBCAS.RU,cn=BIO.SPBCAS.R
>>   U,cn=kerberos,dc=bio,dc=spbcas,dc=ru
>> krbTicketFlags: 0
>> krbPrincipalName: ldap/hedgehog.bio.spbcas.ru at BIO.SPBCAS.RU
>> krbLastPwdChange: 20081114133612Z
>> krbExtraData:: AALMfh1JYWRtaW4vYWRtaW5AQklPLlNQQkNBUy5SVQA=
>> objectClass: krbprincipal
>> objectClass: krbprincipalaux
>> objectClass: krbTicketPolicyAux
>> objectClass: top
>> krbPasswordExpiration: 19700101000000Z
>>
>> I suppose it's not that.
> 
> As a last resort you can generate a new secret using kadmin.local and
> make sure it is stored in ds.keytab, then restart directory server.
> 
> Simo.
> 

Hello,

Thank you very much for your help, Simo!

I tried to recover ds keytab but failed and reinstalled the thing. I am 
pretty sure that I've killed the previous installations with adding ldap 
princ. - I won't do that next time.

Unfortunately, I still haven't got WinXP working.

Kostya



