[Freeipa-users] KDC returned error string: NOT_ALLOWED_TO_DELEGATE
Petr Spacek
pspacek at redhat.com
Tue Aug 16 07:25:42 UTC 2016
On 15.8.2016 20:18, Linov Suresh wrote:
> We have IPA replica set up in RHEL 6.4 and is FreeIPA 3.0.0
>
>
> We can only add the clients from IPA Server 01, not from IPA Server 02.
> When I tried to add the client from IPA Server 02, getting the error,
>
>
> ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error:
> Unspecified GSS failure. Minor code may provide more information (KDC
> returned error string: NOT_ALLOWED_TO_DELEGATE)
>
> SASL/GSSAPI authentication started
>
> SASL username: vpham at EXAMPLE.NET
>
> SASL SSF: 56
>
> SASL data security layer installed.
>
> ldap_modify: No such object (32)
>
> additional info: Range Check error
>
> modifying entry "fqdn=cpe-5061747522f9.example.net
> ,cn=computers,cn=accounts,dc=example,dc=net"
>
>
> Could you please help us to fix this?
We need to see exact steps you did before we can give you any meaningful advice.
Please have a look at
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
It is a very nice document which describes general bug reporting procedure and
best practices.
We will certainly have a look but we need first see the information :-)
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list