[Freeipa-users] Trouble with new installation

Dumbo Q dumboq at yahoo.com
Thu Jun 4 16:36:39 UTC 2009 

I am somewhat confused here.  Can someone explain the technical relationship between kerberos and ldap.  I understand the relationship overview but not so much is going on behind the scenes.  Why would I have no trouble using the 'admin' account, but then kpasswd is unable to bind to ldap when changing a regular user account?






________________________________
From: Simo Sorce <ssorce at redhat.com>
To: Dumbo Q <dumboq at yahoo.com>
Cc: freeipa-users at redhat.com
Sent: Wednesday, June 3, 2009 6:09:53 PM
Subject: Re: [Freeipa-users] Trouble with new installation

On Wed, 2009-06-03 at 13:42 -0700, Dumbo Q wrote:
> I am trying to get a feel for redhat ipa, but i am not having much
> luck.
> 
> I am trying to set a password for a new user that i created earlier
> today, but ipa-password just hangs.   not sure what is going on.. or
> where to look.
> 
> Here is what i did, followed by the only messages that popped up in
> log.   I let it hang for 15 minutes..
> 
> [root at auth01 ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin at MYDOM.COM
> 
> Valid starting     Expires            Service principal
> 06/03/09 16:01:41  06/04/09 16:01:35  krbtgt/MYDOM.COM at MYDOM.COM
> 06/03/09 16:01:58  06/04/09 16:01:35  HTTP/auth01.mydom.com at MYDOM.COM
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> [root at auth01 ~]# ipa-passwd test
> Changing password for test at MYDOM.COM
>   New Password:
>   Confirm Password:
> 
> 
> Jun 03 16:30:47 auth01.mydom.com krb5kdc[4001](info): TGS_REQ (1
> etypes {18}) 10.30.1.53: ISSUE: authtime 1244059301, etypes {rep=18
> tkt=18 ses=18}, admin at MYDOM.COM for krbtgt/MYDOM.COM at MYDOM.COM
> Jun 03 16:30:47 auth01.mydom.com krb5kdc[4001](info): TGS_REQ (1
> etypes {18}) 10.30.1.53: ISSUE: authtime 1244059301, etypes {rep=18
> tkt=18 ses=18}, admin at MYDOM.COM for krbtgt/MYDOM.COM at MYDOM.COM

Can you run any other admin command ?
Looks like either a DNS resolution problem or a firewall dropping
packets.

Simo.


-- 
Simo Sorce * Red Hat, Inc * New York


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20090604/9fccaba2/attachment.htm>

More information about the Freeipa-users mailing list