<br><br><div class="gmail_quote">On Wed, Jul 31, 2013 at 11:09 AM, KodaK <span dir="ltr"><<a href="mailto:sakodak@gmail.com" target="_blank">sakodak@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><br><span><div class="im"><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">On Wed, Jul 31, 2013 at 6:56 AM, Sumit Bose <<a href="mailto:sbose@redhat.com" target="_blank">sbose@redhat.com</a>> wrote:</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> I think that's the issue. You have to make sure that <a href="http://host.domain.com" target="_blank">host.domain.com</a> has</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> a DNS entry somewhere, it does not have to be the IPA DNS but the DNS</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> setup must be correct so the IPA DNS can forward the request to the</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> right server. Then you can call 'ipa host-add <a href="http://host.domain.com" target="_blank">host.domain.com</a>' which</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> will create a host entry with the principal</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> host/<a href="mailto:host.domain.com@UNIX.DOMAIN.COM" target="_blank">host.domain.com@UNIX.DOMAIN.COM</a>. Now you can call ipa-getkeytab and</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">> transfer the new keytab to <a href="http://host.domain.com" target="_blank">host.domain.com</a>.</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span></div><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Ok, I'm dumbfounded (again.)</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">I've removed the old host from IPA:</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">xxx@slpidml01 ~]$ ipa host-show <a href="http://sla400q1.unix.domain.com" target="_blank">sla400q1.unix.domain.com</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ipa: INFO: trying <a href="https://slpidml01.unix.domain.com/ipa/session/xml" target="_blank">https://slpidml01.unix.domain.com/ipa/session/xml</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ipa: INFO: Forwarding 'host_show' to server u'<a href="https://slpidml01.unix.domain.com/ipa/session/xml" target="_blank">https://slpidml01.unix.domain.com/ipa/session/xml</a>'</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ipa: ERROR: <a href="http://sla400q1.unix.domain.com" target="_blank">sla400q1.unix.domain.com</a>: host not found</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">And I added the new host:</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">[xxx@slpidml01 ~]$ ipa host-show <a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ipa: INFO: trying <a href="https://slpidml01.unix.domain.com/ipa/xml" target="_blank">https://slpidml01.unix.domain.com/ipa/xml</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">ipa: INFO: Forwarding 'host_show' to server u'<a href="https://slpidml01.unix.domain.com/ipa/xml" target="_blank">https://slpidml01.unix.domain.com/ipa/xml</a>'</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> Host name: <a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> Principal name: host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> Password: False</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> Keytab: True</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> Managed by: <a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a></span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">I generated the keytab:</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">[xxx@slpidml01 ~]$ ipa-getkeytab -s <a href="http://slpidml01.unix.domain.com" target="_blank">slpidml01.unix.domain.com</a> -p host/<a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a> -k /tmp/sla400q1.keytabKeytab successfully retrieved and stored in: /tmp/sla400q1.keytab</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">[xxx@slpidml01 ~]$ </span></p><br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Then I copied that keytab to the host and put it in /etc/krb5/krb5.keytab</span></p><br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">But, when I list the principals in the keytab:</span></p><br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">sla400q1:/var/adm> /usr/krb5/bin/klist -k -e</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Keytab name: FILE:/etc/krb5/krb5.keytab</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">KVNO Principal</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">---- ---------</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.unix.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.unix.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 1 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 2 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 3 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 3 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 3 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 3 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 4 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 4 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 4 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 4 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 5 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 5 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 5 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 5 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 6 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-256 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 6 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (AES-128 CTS mode with 96-bit SHA-1 HMAC) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 6 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (Triple DES cbc mode with HMAC/sha1) </span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"> 6 host/<a href="mailto:sla400q1.domain.com@UNIX.DOMAIN.COM" target="_blank">sla400q1.domain.com@UNIX.DOMAIN.COM</a> (ArcFour with HMAC/md5) </span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Where are the <a href="http://sla400q1.unix.domain.com" target="_blank">sla400q1.unix.domain.com</a> coming from? I've done this over and over, I can't find</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">any reference to <a href="http://sla400q1.unix.domain.com" target="_blank">sla400q1.unix.domain.com</a> in DNS in IPA, and the box never had any</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><a href="http://unix.comain.com" target="_blank">unix.comain.com</a> references.</span></p>
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">In addition, I’m still getting the error:</span></p>
<div class="im">
<br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Miscellaneous failure\nNo principal in keytab matches desired name\n<br>
</span></p></div><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">in the logs, even though:</span></p><br>
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">sla400q1:/var/adm> grep sla400q1 /etc/hosts</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">192.168.42.108 sla400q1-bk</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">#10.200.5.48 <a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a> sla400q1</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">10.200.5.48 <a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a> sla400q1</span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">sla400q1:/var/adm> hostname</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><a href="http://sla400q1.domain.com" target="_blank">sla400q1.domain.com</a></span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">sla400q1:/var/adm> domainname</span></p><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><a href="http://domain.com" target="_blank">domain.com</a></span></p>
<p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt"><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">sla400q1:/var/adm> </span></p><br><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"></span><p dir="ltr" style="line-height:1.15;margin-top:0pt;margin-bottom:0pt">
<span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap">Any clues?</span></p><div><span style="font-size:15px;font-family:Arial;vertical-align:baseline;white-space:pre-wrap"><br></span></div>
</span>
</blockquote></div><br>forgot to add:<div><br></div><div><div>sla400q1:/var/adm> nslookup 10.200.5.48</div><div>Server: 10.200.2.24</div><div>Address: 10.200.2.24#53</div><div><br></div><div>48.5.200.10.in-addr.arpa name = <a href="http://SLA400Q1.domain.com">SLA400Q1.domain.com</a>.</div>
<div><br></div><div><br></div><div><br></div>-- <br>The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6
</div>