[Freeipa-users] How to check IPA <--> AD trust from command line

Ben .T.George bentech4you at gmail.com
Tue Jan 6 17:32:24 UTC 2015 

HI

thanks now i am getting output:

[root at kwtpocpbis01 ~]# getent passwd adm-ben.george at kwttestdc.com
adm-ben.george at kwttestdc.com:*:1198401206:1198401206:ADM Ben George:/home/
kwttestdc.com/adm-ben.george:
[root at kwtpocpbis01 ~]# id adm-ben.george at kwttestdc.com
uid=1198401206(adm-ben.george at kwttestdc.com) gid=1198401206(
adm-ben.george at kwttestdc.com)
groups=1198401206(adm-ben.george at kwttestdc.com),1198400512(domain
admins at kwttestdc.com),1198401147(wseallowmediaaccess at kwttestdc.com
),1198401151(wsealertadministrators at kwttestdc.com),1198401148(
wseallowaddinaccess at kwttestdc.com),1198401152(
wseremoteaccessusers at kwttestdc.com),1198401146(
wseallowcomputeraccess at kwttestdc.com),1198401150(
wseallowhomepagelinks at kwttestdc.com),1198401144(
wseremotewebaccessusers at kwttestdc.com),1198401145(
wseallowshareaccess at kwttestdc.com),1198401149(
wseallowdashboardaccess at kwttestdc.com),535600004(ad_admins),1198400513(domain
users at kwttestdc.com)


i was trying the kinit command on solaris . -C key is not there

Thanks & Regards,
Ben


On Tue, Jan 6, 2015 at 8:18 PM, Sumit Bose <sbose at redhat.com> wrote:

> On Tue, Jan 06, 2015 at 08:13:17PM +0300, Ben .T.George wrote:
> > HI
> >
> > thanks for the replay.
> >
> > please find below output.it's asking for password and accepting that.
> but
> > something wrong
> >
> > [root at kwtpocpbis01 ~]# kinit -C  adm-ben.george at kwttestdc.com
> > Password for adm-ben.george at kwttestdc.com:
> >
> > [root at kwtpocpbis01 ~]# getent passwd adm-ben.george
>
> Please try
>
> getent passwd adm-ben.george at kwttestdc.com
>
> We use fully-qualified names to avoid name collisions.
>
> Does the kvno command work?
>
> bye,
> Sumit
>
> >
> > [root at kwtpocpbis01 ~]# id adm-ben.george
> > id: adm-ben.george: no such user
> >
> > Regards,
> > Ben
> >
> > On Tue, Jan 6, 2015 at 8:03 PM, Sumit Bose <sbose at redhat.com> wrote:
> >
> > > On Tue, Jan 06, 2015 at 07:52:20PM +0300, Ben .T.George wrote:
> > > > Hi
> > > >
> > > > I Tried on IPA server and below is my output:
> > > >
> > > > [root at kwtpocpbis01 ~]# kinit adm-ben.george at kwttestdc.com
> > > > Password for adm-ben.george at kwttestdc.com:
> > > > kinit: KDC reply did not match expectations while getting initial
> > > > credentials
> > > >
> > > > how can i troubleshot this issue.?
> > >
> > > The argument to kinit is a Kerberos principal which is handled
> > > case-sensitive by kinit. To get around the error message either use
> > >
> > > kinit -C  adm-ben.george at kwttestdc.com
> > >
> > > or
> > >
> > > kinit adm-ben.george at KWTTESTDC.COM
> > >
> > > (typically the realm part is upper-case, if your user name contains
> > > upper-case letters as well you should use them here as well, if you
> > > don't know 'kinit -C' might be the better solution)
> > >
> > > HTH
> > >
> > > bye,
> > > Sumit
> > > >
> > > > Thanks & Regards,
> > > > Ben
> > > >
> > > >
> > > > On Tue, Jan 6, 2015 at 6:41 PM, Sumit Bose <sbose at redhat.com> wrote:
> > > >
> > > > > On Tue, Jan 06, 2015 at 07:19:15AM -0700, Rich Megginson wrote:
> > > > > > On 01/05/2015 08:35 PM, Ben .T.George wrote:
> > > > > > >
> > > > > > >Hi LIst,
> > > > > > >
> > > > > > >how to check IPA <-> Active directory trust relationship . i
> just
> > > want
> > > > > to
> > > > > > >confirm my ipa server is working fine.
> > > > > >
> > > > > > On an IPA server or client machine:
> > > > > > $ kinit adusername at ADDOMAIN.COM
> > > > > > Password: aduserpassword
> > > > > >
> > > > > > If there are no AD users yet, you can try with
> > > > > administrator at ADDOMAIN.COM
> > > > > > assuming you have the AD admin password.
> > > > >
> > > > > Additionally you have to check if the AD user can get a ticket for
> an
> > > IPA
> > > > > service e.g. after calling kinit with the AD user call
> > > > >
> > > > > kvno ldap/ipaserver.ipa.domain at IPA.DOMAIN
> > > > >
> > > > > bye,
> > > > > Sumit
> > > > >
> > > > > >
> > > > > > >
> > > > > > >Regards,
> > > > > > >Ben
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > > > --
> > > > > > Manage your subscription for the Freeipa-users mailing list:
> > > > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > > Go To http://freeipa.org for more info on the project
> > > > >
> > > > > --
> > > > > Manage your subscription for the Freeipa-users mailing list:
> > > > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > > > > Go To http://freeipa.org for more info on the project
> > > > >
> > >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150106/e2c628c0/attachment.htm>

More information about the Freeipa-users mailing list