[Freeipa-users] sudden ipa errors.
Rob Crittenden
rcritten at redhat.com
Wed Sep 19 14:37:28 UTC 2012
Lager, Nathan T. wrote:
>
> ----- Original Message -----
>> From: "Rob Crittenden" <rcritten at redhat.com>
>> To: "Nathan Lager" <lagern at lafayette.edu>
>> Cc: freeipa-users at redhat.com
>> Sent: Tuesday, September 18, 2012 5:17:00 PM
>> Subject: Re: [Freeipa-users] sudden ipa errors.
>>
>> Ok, what are the permissions on the keytab,
>> /etc/httpd/conf/ipa.keytab?
>> They should be apache:apache mode 0600.
>
> [lagern at caroline0 PROD ~]$ ls -lZ /etc/httpd/conf/ipa.keytab
> -rw-------. apache apache unconfined_u:object_r:httpd_config_t:s0 /etc/httpd/conf/ipa.keytab
>
>>
>> Are you in SELinux enforcing mode? Can you try in permissive to see if
>> that works?
> I was enforcing at the start of all of this, but ive since switched to permissive for troubleshooting. It hasnt made a difference.
Are you getting an HTTP service principal in the client?
$ kdestroy
$ kinit admin
$ ipa user-show admin
<fail>
$ klist -fea
Lets try to skip s4u2proxy. Does this work:
$ ipa --delegate user-show admin
Unfortunately the major and minor error codes are as generic as can be
so they aren't any help at all.
rob
More information about the Freeipa-users
mailing list