[Freeipa-users] unable to add service principle from F17

Dale Macartney dale at themacartneyclan.com
Mon Jun 25 21:27:56 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 25/06/12 19:53, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi all
>>
>> I have a RHEL 6.2 ipa domain and I am running through one of my known
>> working kickstarts for kerberised squid but instead of using RHEL i'm
>> setting it up on Fedora 17.
>>
>> I get the following error on the fedora system which has
>> freeipa-admintools installed
>>
>> [root at proxy02 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: admin at EXAMPLE.COM
>>
>> Valid starting Expires Service principal
>> 06/25/12 20:34:33 06/26/12 20:34:31 krbtgt/EXAMPLE.COM at EXAMPLE.COM
>> [root at proxy02 ~]# ipa service-add HTTP/$(hostname)
>> ipa: ERROR: did not receive Kerberos credentials
>> [root at proxy02 ~]# ipa service-add HTTP/proxy02.example.com
>> ipa: ERROR: did not receive Kerberos credentials
>> [root at proxy02 ~]#
>>
>>
>>
>> Nothing appears in the logs apart from
>>
>> ==> /var/log/messages<==
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 35998884
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001428
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001013
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001230
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>>
>>
>> Any ideas?
>>
>> This doesn't block me from what I am trying to achieve as I can add the
>> service principle from the IPA server. Just thought I might ask the
>> question.
>
> What version of client and server?
>
> rob

Server details

[root at ds01 ~]# yum info ipa-server
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Installed Packages
Name        : ipa-server
Arch        : x86_64
Version     : 2.1.3
Release     : 9.el6
Size        : 3.2 M
Repo        : installed
- From repo   : Red Hat Enterprise Linux
Summary     : The IPA authentication server
URL         : http://www.freeipa.org/
License     : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
            : user, virtual machines, groups, authentication
credentials), Policy
            : (configuration settings, access control information) and
Audit (events,
            : logs, analysis thereof). If you are installing an IPA
server you need
            : to install this package (in other words, most people
should NOT install
            : this package).


Client details

[root at proxy02 ~]# yum info freeipa-client
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name        : freeipa-client
Arch        : x86_64
Version     : 2.2.0
Release     : 1.fc17
Size        : 239 k
Repo        : installed
- From repo   : fedora
Summary     : IPA authentication for use on clients
URL         : http://www.freeipa.org/
Licence     : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
            : user, virtual machines, groups, authentication
credentials), Policy
            : (configuration settings, access control information) and
Audit (events,
            : logs, analysis thereof). If your network uses IPA for
authentication,
            : this package should be installed on every client machine.

[root at proxy02 ~]# yum info freeipa-admintools
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name        : freeipa-admintools
Arch        : x86_64
Version     : 2.2.0
Release     : 1.fc17
Size        : 43 k
Repo        : installed
- From repo   : fedora
Summary     : IPA administrative tools
URL         : http://www.freeipa.org/
Licence     : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
            : user, virtual machines, groups, authentication
credentials), Policy
            : (configuration settings, access control information) and
Audit (events,
            : logs, analysis thereof). This package provides
command-line tools for
            : IPA administrators.

[root at proxy02 ~]#

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP6NfaAAoJEAJsWS61tB+qe4gP/jTFZn1FKat8psw+Zkhnv6Rw
mqw13SvcpndaXYqS0e0pikV7EVophHgxZ2Y+APg3sk3xIOLMDxtv6AdU1RyMyFHT
tg15vxZ83mSSwMYiFjw6UWJp2Q6em4CC+e/8uZBziAtl5sz4XX8+HAQkYUZfaOcu
uYoP8S7dIAvRxUp7h53Cfxy4XcRdVNSELymY2wcFGXb/xQJ3IDZ03Y26nlFLrSXL
xg88TgwZlBtnJINlcsAA0c7QjilVB9ei619W+YRf+81Hs9ld4s72Zll5Sv7r9yHh
3CVQFvwNJl5tHGWr+5Ja7dZwgeJlWBLyeN6bYovycQL0+USV+sEl6HL3Cd1Z8SEM
e+t2siH6eSNjY93pY3YO/emagPOufcAdJQ5jlzTJIHBuHfb2k7VY5qP4t0hQuUrJ
Gjx7GGLgtoQOmK0fMwuFQP7cyajVo03BGHPiGpJRNrz6Rcs4CVd4CmPMtsHkyRtb
GshYFTgHusOP++vuBmRmz6ILM+nhCSKGvvFvmoIvNJIlKBGuWSdZgx7x6lQKfEjJ
NrVN/cKUi/Vf+IchHVeI1lxKHJx1b/ZLG7Fdc6q6Dbpo9ePTLurkKCb1kSvMrgEX
C90GW4ueBobn1HGOtPyVLZMDqeqhRv/y8vW3neVzrlSLE/5deRK2SBB1MkXfs+lF
ivewv9fQS46acnBok8do
=ZAc2
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc
Type: application/pgp-keys
Size: 5790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120625/8f92b521/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120625/8f92b521/attachment.sig>

More information about the Freeipa-users mailing list