[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}
Brian J. Murrell
brian at interlinx.bc.ca
Fri Dec 30 14:30:15 UTC 2016
[ Sent just to the list. Hopefully Martin is on it. ]
On Thu, 2016-12-22 at 10:06 +0100, Martin Babinsky wrote:
>
> Hi Brian,
Hi Martin,
> DS should use /etc/sysconfig/dirsrv to set its KRB5_KTNAME env
> variable
> to /etc/dirsrv/ds.keytab.
Ah-ha!
This was the problem. When I upgraded from 4.2 to 4.4 as part of my
CentOS upgrade I pulled up the config file changes (i.e. those usually
in .rpmnew file) because I like to keep the config files up-to-date
with the package. But when I did so, the KRB5_KTNAME setting got
dropped. :-(
> Can you please verify that /etc/sysconfig/dirsrv file exists and that
> it
> contains the following lines?:
>
> KRB5_CCNAME=/tmp/krb5cc_389
This is actually KRB5CCNAME in my config file.
> KRB5_KTNAME=/etc/dirsrv/ds.keytab
>
>
> If not, please add this line to the file, restart dirsrv and try IPA
> commands again.
That worked. Thanks so much!
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161230/2a0008da/attachment.sig>
More information about the Freeipa-users
mailing list