[Freeipa-users] unable to add service principle from F17
Dale Macartney
dale at themacartneyclan.com
Mon Jun 25 21:27:56 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25/06/12 19:53, Rob Crittenden wrote:
> Dale Macartney wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi all
>>
>> I have a RHEL 6.2 ipa domain and I am running through one of my known
>> working kickstarts for kerberised squid but instead of using RHEL i'm
>> setting it up on Fedora 17.
>>
>> I get the following error on the fedora system which has
>> freeipa-admintools installed
>>
>> [root at proxy02 ~]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: admin at EXAMPLE.COM
>>
>> Valid starting Expires Service principal
>> 06/25/12 20:34:33 06/26/12 20:34:31 krbtgt/EXAMPLE.COM at EXAMPLE.COM
>> [root at proxy02 ~]# ipa service-add HTTP/$(hostname)
>> ipa: ERROR: did not receive Kerberos credentials
>> [root at proxy02 ~]# ipa service-add HTTP/proxy02.example.com
>> ipa: ERROR: did not receive Kerberos credentials
>> [root at proxy02 ~]#
>>
>>
>>
>> Nothing appears in the logs apart from
>>
>> ==> /var/log/messages<==
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 35998884
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001428
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001013
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>> Jun 25 20:35:34 proxy02 pcscd[25567]: 00001230
>> winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
>>
>>
>> Any ideas?
>>
>> This doesn't block me from what I am trying to achieve as I can add the
>> service principle from the IPA server. Just thought I might ask the
>> question.
>
> What version of client and server?
>
> rob
Server details
[root at ds01 ~]# yum info ipa-server
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Installed Packages
Name : ipa-server
Arch : x86_64
Version : 2.1.3
Release : 9.el6
Size : 3.2 M
Repo : installed
- From repo : Red Hat Enterprise Linux
Summary : The IPA authentication server
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If you are installing an IPA
server you need
: to install this package (in other words, most people
should NOT install
: this package).
Client details
[root at proxy02 ~]# yum info freeipa-client
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name : freeipa-client
Arch : x86_64
Version : 2.2.0
Release : 1.fc17
Size : 239 k
Repo : installed
- From repo : fedora
Summary : IPA authentication for use on clients
URL : http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If your network uses IPA for
authentication,
: this package should be installed on every client machine.
[root at proxy02 ~]# yum info freeipa-admintools
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name : freeipa-admintools
Arch : x86_64
Version : 2.2.0
Release : 1.fc17
Size : 43 k
Repo : installed
- From repo : fedora
Summary : IPA administrative tools
URL : http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). This package provides
command-line tools for
: IPA administrators.
[root at proxy02 ~]#
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJP6NfaAAoJEAJsWS61tB+qe4gP/jTFZn1FKat8psw+Zkhnv6Rw
mqw13SvcpndaXYqS0e0pikV7EVophHgxZ2Y+APg3sk3xIOLMDxtv6AdU1RyMyFHT
tg15vxZ83mSSwMYiFjw6UWJp2Q6em4CC+e/8uZBziAtl5sz4XX8+HAQkYUZfaOcu
uYoP8S7dIAvRxUp7h53Cfxy4XcRdVNSELymY2wcFGXb/xQJ3IDZ03Y26nlFLrSXL
xg88TgwZlBtnJINlcsAA0c7QjilVB9ei619W+YRf+81Hs9ld4s72Zll5Sv7r9yHh
3CVQFvwNJl5tHGWr+5Ja7dZwgeJlWBLyeN6bYovycQL0+USV+sEl6HL3Cd1Z8SEM
e+t2siH6eSNjY93pY3YO/emagPOufcAdJQ5jlzTJIHBuHfb2k7VY5qP4t0hQuUrJ
Gjx7GGLgtoQOmK0fMwuFQP7cyajVo03BGHPiGpJRNrz6Rcs4CVd4CmPMtsHkyRtb
GshYFTgHusOP++vuBmRmz6ILM+nhCSKGvvFvmoIvNJIlKBGuWSdZgx7x6lQKfEjJ
NrVN/cKUi/Vf+IchHVeI1lxKHJx1b/ZLG7Fdc6q6Dbpo9ePTLurkKCb1kSvMrgEX
C90GW4ueBobn1HGOtPyVLZMDqeqhRv/y8vW3neVzrlSLE/5deRK2SBB1MkXfs+lF
ivewv9fQS46acnBok8do
=ZAc2
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc
Type: application/pgp-keys
Size: 5790 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120625/8f92b521/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xB5B41FAA.asc.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120625/8f92b521/attachment.sig>
More information about the Freeipa-users
mailing list