[Freeipa-users] IPA inaccessible after adding service principal

Martin Juhl mj at casalogic.dk
Mon Feb 15 15:27:15 UTC 2016


Hi guys

I've just installed a RHEL7 server with ipa-server 4.2.0...

Everything seems to work fine, until I add a service principal:

(Running on a client, after a kinit)

[root@dantooine ~]# ipa-getkeytab -s naboo.outerrim.lan -p HTTP/naboo.outerrim.lan@OUTERRIM.LAN -k /etc/krb5.keytab
Keytab successfully retrieved and stored in: /etc/krb5.keytab


After running the command, the web-interface returns:

The password or username you entered is incorrect.

when I try to log in, and the "ipa" command has stopped working as well (both on the server and client):


[root@dantooine ~]# ipa user-show admin
ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (KDC returned error string: 2ND_TKT_SERVER)
[root@dantooine ~]#
[root@dantooine ~]# kdestroy
[root@dantooine ~]# kinit admin
Password for admin@OUTERRIM.LAN:
[root@dantooine ~]# ipa user-show admin
ipa: ERROR: cannot connect to 'https://naboo.outerrim.lan/ipa/json': Unauthorized


/var/log/httpd/error_log on the server gives me:

ValueError: non-generic 'CCacheError' needs format=None; got format="(-1765328353, 'Decrypt integrity check failed')"


What did I do wrong here???

Regards

Martin Juhl



