[Freeipa-users] Re: Configuring Client SSH Access Problem
Dan Scott
danieljamesscott at gmail.com
Wed Dec 9 12:30:24 UTC 2009
Generally, I've found that this is caused by incorrect DNS records.
Make sure that your A and PTR records are correct for this host.
One other thing, you should be able to run ipa-getkeytab directly on the client.
Hope this helps,
Dan Scott
http://danieljamesscott.org
On Wed, Dec 9, 2009 at 02:16, Michael Kang <wxiluo at gmail.com> wrote:
> Does anyone know what's wrong?
>
> On Tue, Dec 8, 2009 at 12:35 PM, Michael Kang <wxiluo at gmail.com> wrote:
>>
>> Dear all,
>>
>> I had setup a FreeIPA server and a FreeIPA client. After using the ktutil
>> command to import the keytab, using the following command on another machine
>> to test the configuration. This still need passwd.
>>
>> IPA Server:
>>>
>>> kinit admin
>>> ipa-addservice host/ipaclient.example.com
>>> ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com -k
>>> /tmp/krb5.keytab
>>> scp /tmp/krb5.keytab root at ipaclient.example.com:/tmp/krb5.keytab
>>
>> IPA client:
>>>
>>> # ktutil
>>> ktutil: read_kt /tmp/krb5.keytab
>>> ktutil: write_kt /etc/krb5/krb5.keytab
>>> ktutil: q
>>
>> ssh admin at ipaserver.example.com (This don't need passwd.)
>>
>> PC or Mac:
>> ssh admin at ipaclient.example.com (This still need passwd.)
>>
>> What should I do?
>>
>> Best Regards,
>> Michael Kang
>> --
>> Michael Kang(康上明学)
>> There is a giant asleep within every man. When the giant awakens,miracles
>> happen.
>>
>> Personal blog: http://ufusion.org - United Fusion
>
>
>
> --
> Michael Kang(康上明学)
> There is a giant asleep within every man. When the giant awakens,miracles
> happen.
>
> Personal blog: http://ufusion.org - United Fusion
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list