[Freeipa-users] ipa: ERROR: did not receive Kerberos credentials (SOLVED)
Rashard.Kelly at sita.aero
Fri Apr 11 17:41:02 UTC 2014
Thank you so much, it was the user id. There was an account with the same
user name leftover from a previous effort.
Thanks to everyone for the time.
Thank You,
Rashard Kelly
From: Sumit Bose <sbose at redhat.com>
To: Rashard.Kelly at sita.aero
Cc: Alexander Bokovoy <abokovoy at redhat.com>, freeipa-users at redhat.com
Date: 04/11/2014 11:58 AM
Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
credentials
On Fri, Apr 11, 2014 at 11:22:55AM -0400, Rashard.Kelly at sita.aero wrote:
> I changed the permissions to world readable to test, afterward I changed
> it back to be readable only by the owner. The problem then reappeared.
>
> [rkelly at replicahostname ~]$ ls -lZa| grep krb
> -r-------- root root ? krb5cc_0
> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
> -r-------- apache apache ? krb5cc_48
> [rkelly at replicahostname ~]$ od /tmp/krb5cc_1599100000_CUkupo
> od: /tmp/krb5cc_1599100000_CUkupo: Permission denied
hm, either your filesystem is broken or there is an issue with duplicate
UIDs. Can you check if the filesystem UID matches yours:
stat krb5cc_1599100000_CUkupo
should show the numerical UID for the file and
id
will show yours.
HTH
bye,
Sumit
>
> Thank You,
> Rashard Kelly
> SITA Senior Linux Specialist
>
>
>
>
> From: Sumit Bose <sbose at redhat.com>
> To: Rashard.Kelly at sita.aero
> Cc: Alexander Bokovoy <abokovoy at redhat.com>, freeipa-users at redhat.com
> Date: 04/11/2014 09:54 AM
> Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
> credentials
>
>
>
> On Fri, Apr 11, 2014 at 09:42:41AM -0400, Rashard.Kelly at sita.aero wrote:
> > [root at replicahostname ~]# sestatus
> > SELinux status: disabled
> > [root at replicahostname ~]# audit2why -b -w -t avc
> > [root at replicahostname ~]#
> >
> >
> > Nothing in the audit log after audit2why came back either.
>
> That's odd. Can you read the file with od?
>
> od /tmp/krb5cc_1599100000_CUkupo
>
> don't send the output just check if it is readable or if od returns an
> error as well?
>
> Are there any odd filesystem permission on your klist binary like s-bit
> set?
>
> ls -alZ $(which klist)
>
> (here you can send the output :-)
>
> bye,
> Sumit
> >
> >
> > Thank You,
> > Rashard Kelly
> >
> >
> >
> > From: Alexander Bokovoy <abokovoy at redhat.com>
> > To: Rashard.Kelly at sita.aero
> > Cc: Sumit Bose <sbose at redhat.com>, freeipa-users at redhat.com
> > Date: 04/11/2014 09:06 AM
> > Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
> > credentials
> >
> >
> >
> > On Fri, 11 Apr 2014, Rashard.Kelly at sita.aero wrote:
> > >futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> > >open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission denied)
> >
> > Are you sure you don't have SELinux really running and enabled?
> >
> > Because the following output makes me really worry:
> > >> [root at replicahostname /tmp]# ll -Za
> > >> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .
> > >> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
> > >> -rw------- rkelly rkelly ? .bash_history
> > >> drwxrwxrwt root root ? .ICE-unix
> > >> drwxrwxr-x rkelly rkelly ? .ipa
> > >> -r-------- root root ? krb5cc_0
> > >> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
> > >> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
> > >> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
> > These rkelly:rkelly krb5cc_* files have no SELinux label and should be
> > readable to the owner.
> >
> > Can you show:
> >
> > [root] # sestatus
> > [root] # audit2why -b -w -t avc
> >
> >
> > --
> > / Alexander Bokovoy
> >
> >
> > This document is strictly confidential and intended only for use by the
> > addressee unless otherwise stated. If you are not the intended recipient,
> > please notify the sender immediately and delete it from your system.
> > See you at 2014 Air Transport IT Summit, 17-19 June 2014
> >
> > Click here to register http://www.sitasummit.aero
> >
> >
>
>
>
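The numeric-UID comparison Sumit suggests in the thread, together with a check for the root cause reported at the top (a leftover account with the same user name), as an added example that is not part of the original messages. The function names and the local UID 500 in the sample data are assumptions; 1599100000 is the UID from the ccache file name in the thread.

```shell
#!/bin/sh
# Added example: ls(1) shows owner *names*, so two accounts that share a name
# but not a UID look identical. These checks compare numeric UIDs instead.

# Print the numeric owner UID of a file (GNU stat first, BSD stat fallback).
owner_uid() {
    stat -c %u -- "$1" 2>/dev/null || stat -f %u -- "$1"
}

# Return 0 when the file's numeric owner equals the caller's effective UID,
# 1 on a mismatch (the EACCES case in the thread), 2 if stat fails.
ccache_owned_by_me() {
    file_uid=$(owner_uid "$1") || return 2
    my_uid=$(id -u)
    if [ "$file_uid" = "$my_uid" ]; then
        return 0
    fi
    echo "UID mismatch: $1 is owned by $file_uid, current UID is $my_uid" >&2
    return 1
}

# Read passwd(5)-format lines on stdin and print every login name that maps
# to more than one numeric UID, as "name uid1,uid2".
# Real use (assumes the directory accounts come from SSSD):
#   { cat /etc/passwd; getent -s sss passwd rkelly; } | names_with_multiple_uids
names_with_multiple_uids() {
    awk -F: 'NF >= 3 && !seen[$1 ":" $3]++ {
                 uids[$1] = (uids[$1] == "" ? $3 : uids[$1] "," $3); n[$1]++
             }
             END { for (u in n) if (n[u] > 1) print u, uids[u] }' | sort
}

# Constructed sample: a local leftover account and a directory account that
# share the login name "rkelly" (UID 500 is made up for illustration).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
rkelly:x:500:500:local leftover:/home/rkelly:/bin/bash
rkelly:*:1599100000:1599100000:Rashard Kelly:/home/rkelly:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_PASSWD" | names_with_multiple_uids
fi
```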