[Freeipa-users] sudden ipa errors.

Fri Sep 21 15:13:16 UTC 2012

Nathan Lager wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 09/21/2012 10:18 AM, Rob Crittenden wrote:
>> Lager, Nathan T. wrote:
>>> Well, after all of this, RedHat support just resolved my issue!
>>>
>>> It came down the the domain_realm definitions in /etc/krb5.conf.
>>>
>>> They had me change:
>>>
>>> [domain_realm] .systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU
>>> systems.lafayette.edu = SYSTEMS.LAFAYETTE.EDU
>>>
>>> To: [domain_realm] .systems.lafayette.edu =
>>> SYSTEMS.LAFAYETTE.EDU systems.lafayette.edu =
>>> SYSTEMS.LAFAYETTE.EDU .lafayette.edu = SYSTEMS.LAFAYETTE.EDU
>>> lafayette.edu = SYSTEMS.LAFAYETTE.EDU
>>>
>>> After doing so, i restarted IPA, and my commands are working
>>> properly now!
>>>
>>> Now, to get my replica back in order...
>>
>> Wow. OK, I'm glad it's working. Do we have any idea how this file
>> changed? Is it wrong on all your clients or only on this one
>> master?
>>
> It appears wrong on my replica as well, caroline1.  There are no
> clients currently, other than RHEV.
>
> I only have one lingering issue, aside from my replica being broken.
>
> I still cant reset admin's password. It gives me the same error it was
> before.
>
> [root at caroline0 PROD ~]# kinit admin
> Password for admin at SYSTEMS.LAFAYETTE.EDU:
> Password expired.  You must change it now.
> Enter new password:
> Enter it again:
> kinit: Password has expired while getting initial credentials

Can you try kpasswd to reset the admin password?

rob