[Freeipa-users] sasl binding failed when running ipa-getkeytab
Rob Crittenden
rcritten at redhat.com
Mon Sep 29 14:55:39 UTC 2008
Ivan Levchenko wrote:
> Hi All!
>
> Installed ipa-client on a 64 bit os, (centos 5.2).
>
> ipa-client install went fine, no errors, but when i ran ipa-getkeytab:
>
> ipa-getkeytab -s master.mydomain.com -p host/client.mydomain.com.com
> -k /etc/krb5.keytab
>
> I get the following error message:
> SASL Bind failed!
>
> I can login using the ipa users, but I need to enter them manually...
> What does this error mean? I checked on
> http://freeipa.org/page/TroubleshootingGuide#Service_Principals , but
> on the server, nothing appears like that in the logs.
>
> On the client, in /var/log/messages, I found this:
>
> ipa-getkeytab: No worthy mechs found
>
> googling didn't help on this error...
Did you have a kerberos ticket before running ipa-getkeytab? You need to
do a kinit before running this.
I'm not sure what you mean by "enter them manually" when logging on as
an ipa user.
You will want to look on the IPA server in /var/log/krb5kdc.log and/or
/var/log/dirsrv/slapd-INSTANCE/error for more information.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20080929/9f6c5b39/attachment.bin>
More information about the Freeipa-users
mailing list