[Freeipa-users] ipa host-add and service add command to add solaris 10

Rob Crittenden rcritten at redhat.com
Wed Jan 7 20:37:08 UTC 2015 

Ben .T.George wrote:
> HI
> 
> thanks for the replay.
> 
> i was trying for keytab and getting below error.
> 
> [root at kwtpocpbis01 ~]# ipa-getkeytab -s kwtpocpbis01.solipa.local -p
> host/kwttestsolaris10.solipa.local -k /tmp/krb5.keytab -e des-cbc-crc
> Operation failed! All enctypes provided are unsupported
> 
> my krb5.conf looks like below:
> 
> [libdefaults]
>  default_realm = SOLIPA.LOCAL
>  dns_lookup_realm = false
>  dns_lookup_kdc = true
>  rdns = false
>  ticket_lifetime = 24h
>  forwardable = yes
>  default_ccache_name = KEYRING:persistent:%{uid}
>  allow_weak_crypto = true
> 
> what will be issue with my command?

You haven't configured enough. Follow Alexander's instructions here:

https://www.redhat.com/archives/freeipa-users/2014-November/msg00246.html

You'll also need to restart the krb5kdc service.

rob

> 
> Regards,
> Ben
> 
> On Tue, Jan 6, 2015 at 11:35 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
> 
>     Ben .T.George wrote:
>     >
>     > HI
>     >
>     > i was trying to ass solaris 10 client from command line. Host add
>     comand
>     > went successfully and service add for /host is giving error.
>     >
>     > please check below output and help me to solve this
>     >
>     > [root at kwtpocpbis01 ~]# ipa host-add --force
>     --ip-address=172.16.107.107
>     > kwttestsolaris10.solipa.local
>     > ------------------------------------------
>     > Added host "kwttestsolaris10.solipa.local"
>     > ------------------------------------------
>     >   Host name: kwttestsolaris10.solipa.local
>     >   Principal name: host/kwttestsolaris10.solipa.local at SOLIPA.LOCAL
>     >   Password: False
>     >   Keytab: False
>     >   Managed by: kwttestsolaris10.solipa.local
>     >
>     > [root at kwtpocpbis01 ~]# ipa service-add
>     host/kwttestsolaris10.solipa.local
>     > ipa: ERROR: You must enroll a host in order to create a host service
>     >
>     > what this means "ipa: ERROR: You must enroll a host in order to
>     create a
>     > host service" . I can see the host from IPA web front end. that means
>     > host is added noe.? or this is pointing to another service
> 
>     The host service is implicit and lives within the host. You don't need
>     to (nor can you) add it.
> 
>     If you want to get a keytab for it just use ipa-getkeytab to fetch it.
> 
>     rob
> 
>

More information about the Freeipa-users mailing list