[Freeipa-users] problem with keytab for ipa user-add
Bob Hinton
bob at jackland.demon.co.uk
Sun May 31 10:21:45 UTC 2015
Hello,
I've written a Ruby script to add IPA users from CSV files. This works
fine when specifying a username and password. However, using a keytab
produces an error (see below). This seems to happen whatever I put in
the keytab file.
Any suggestions?
The VM in question has had its database restored using ipa-restore a
number of times, so I don't know if this is a factor.
Thanks
Bob
-sh-4.2$ ./ipa-import-users -h
Usage ipa-import-users [options] file1.csv ...
-u, --user USER Kerberos principal that can add users
-p, --password PASSWORD Password for the above
-k, --keytab KEYTAB Login with the specified keytab
instead of user and pass
-v, --verbose enable verbose mode
-d, --debug enable debug mode
-c, --check check input files without applying them
-sh-4.2$ ./ipa-import-users -vd -k ipa004.keytab example_users_file.csv
Importing file example_users_file.csv...
header line ["Username", " First Name", " Last Name", " Email Address",
" Password"]
Line 2 is ["auser", "Another", "User", "auser at test.com", "pass"]
username auser already defined
Line 3 is ["james23", "James", "Jones", "jamesjones at somewhere.com",
"secrets2"]
echo "secrets2" | ipa user-add james23 --first="James" --last="Jones"
--email="jamesjones at somewhere.com" --password 2>&1
Problem with file example_users_file.csv ipa error on james23 - ipa:
ERROR: Insufficient access: Could not read UPG Definition originfilter.
Check your permissions.
-sh-4.2$ klist -kt ipa004.keytab
Keytab name: FILE:ipa004.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
2 18/05/15 14:23:24 host/ipa004.jackland.uk at TEST.JACKLAND.UK
2 18/05/15 14:23:24 host/ipa004.jackland.uk at TEST.JACKLAND.UK
2 18/05/15 14:23:24 host/ipa004.jackland.uk at TEST.JACKLAND.UK
2 18/05/15 14:23:24 host/ipa004.jackland.uk at TEST.JACKLAND.UK
4 31/05/15 10:55:37 useradder at TEST.JACKLAND.UK
4 31/05/15 10:55:37 useradder at TEST.JACKLAND.UK
4 31/05/15 10:55:37 useradder at TEST.JACKLAND.UK
4 31/05/15 10:55:37 useradder at TEST.JACKLAND.UK
-sh-4.2$
Installed Packages
Name : ipa-server
Arch : x86_64
Version : 4.1.0
Release : 18.el7_1.3
Size : 4.2 M
Repo : installed
From repo : rhel-7-server-rpms
Summary : The IPA authentication server
URL : http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally managed Identity (machine,
            : user, virtual machines, groups, authentication credentials), Policy
            : (configuration settings, access control information) and Audit (events,
            : logs, analysis thereof). If you are installing an IPA server you need
            : to install this package (in other words, most people should NOT install
            : this package).