[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] Kerberos Authentication (again)



Fraginhell wrote:
Yes I cannot create the service, It works on the IPA server, I can
create it there ( and delete it again) maybe thats the problem.
I'm sure its not on the IPA server anymore as

ipa-findservice host/ipaclient.labs.example.com.au
No entries found for host/ipaclient.labs.example.com.au

I just checked the clients /etc/krb5.keytab file and it does not exist.
What bothers me is on the server (/var/log/krb5kdc.log) the log says
UNKOWN_SERVER I'm not sure how much of the problem this is.

Dec 11 14:59:41 ipaserver.labs.example.com.au krb5kdc[2005](info):
TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.212.50.31: UNKNOWN_SERVER:
authtime 1228964598,  admin LABS EXAMPLE COM AU for
ldap/ipasever labs example com au LABS EXAMPLE COM AU, Server not
found in Kerberos database

Note the server it is trying to get a ticket for ipasever.labs.example.com.au (mis-spelled)

Can you check /etc/ipa/ipa.conf to see if that contains the misspelled server name?

rob


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]