[Freeipa-users] sasl binding failed when running ipa-getkeytab
Ivan Levchenko
levchenko.i at gmail.com
Tue Sep 30 11:09:13 UTC 2008
On Mon, Sep 29, 2008 at 5:55 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Did you have a kerberos ticket before running ipa-getkeytab? You need to do
> a kinit before running this.
Yes, I did kinit for admin, and klist shows that I have a ticket.
>
> I'm not sure what you mean by "enter them manually" when logging on as an
> ipa user.
i.e. when i ssh to the box, it prompts me for a password and
authenticates via pam (which checks against the ipa server), and i get
logged in successfully using the user that is defined on the ipa
server.
>
> You will want to look on the IPA server in /var/log/krb5kdc.log and/or
> /var/log/dirsrv/slapd-INSTANCE/error for more information.
I was just tailing those two files while running the ipa-getkeytab
command.. nothing....
also checked any other even remotely relevant log files (messages,
secure...) - nothing...
The architecture of the client is 64 bit. on all of the other 32 bit
clients that I am using - everything is working fine.
>
> rob
>
--
Best Regards,
Ivan Levchenko
levchenko.i at gmail.com
More information about the Freeipa-users
mailing list