[Freeipa-users] Broken krb5.conf after ipa-server-install

Wed Jan 14 21:16:36 UTC 2015

On Wed, 14 Jan 2015, Orion Poplawski wrote:
>After running ipa-server-install like this:
>
>ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
>/etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
>--dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXX --http_pkcs12=nwra.com.p12
>--http_pin=XXX --idstart=8000
>
>I'm not configuring bind.
>
>I ended up with a broken krb5.conf with entries like:
>
>[libdefaults]
> default_realm = #
>
>[realms]
> NWRA.COM = {
>  kdc = server.nwra.com:88
>  master_kdc = server.nwra.com:88
>  admin_server = server.nwra.com:749
>  default_domain = nwra.com
>  pkinit_anchors = FILE:/etc/ipa/ca.crt
>}
>
># = {
> kdc = server.nwra.com:88
> admin_server = server.nwra.com:749
>}
>
>[domain_realm]
> .nwra.com = NWRA.COM
> nwra.com = NWRA.COM
>
># = #
>.# = #
>
>Any idea where the #'s are coming from?
>
>ipa-server-3.3.3-28.el7_0.3.x86_64
/var/log/ipaserver-install.log and ipaclient-install.log have all the
details. You may send them off-list.
-- 
/ Alexander Bokovoy