
Re: [Freeipa-users] GSSAPI Failure



On Fri, 2008-11-14 at 16:19 +0300, Konstantin Kozlov wrote:
> Simo Sorce wrote:
> > On Fri, 2008-11-14 at 09:04 +0300, Konstantin Kozlov wrote:
> >> NTP, DNS and DHCP are on another server, they were set up a lot
> >> earlier 
> >> and working.
> >>
> >> Does the ldapsearch error indicate that FDS fails and not IPA?
> > 
> > No, the failure means that the kdc used and the ldap keytab are not in
> > sync.
> > 
> > Have you tried to manually create a keytab for
> > ldap/hedgehog bio spbcas ru BIO SPBCAS RU by chance and/or trying to get
> > a keytab for this principal with ipa-getkeytab ?
> > 
> > Simo.
> > 
> 
> Yes, I did that. Can it be the problem? Should I remove it? How?

Yes, you basically cleared the secret ldap has and didn't tell it.
You should *never* do that for the IPA server.

If you created that principal with ipa-addservice, remove it, we already
have a special entry in the kerberos part of the tree. That might be
enough, otherwise you will have to reset the key again and store the new
contents in the ds.keytab.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
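
An added example, not part of the original message or of FreeIPA's own tooling: a read-only way to confirm the "kdc and ldap keytab are not in sync" condition discussed above, assuming the drift shows up as a key version number (kvno) mismatch between the keytab and the KDC. The principal, realm and sample outputs are constructed placeholders; the functions parse the text that MIT `klist -k` and `kvno` print.

```shell
#!/bin/sh
# Added example: read-only check for keytab/KDC key-version drift.
# Live inputs (a valid TGT is needed for kvno; neither command changes a key):
#   klist -k <keytab file>   lists the kvno of every key stored in the keytab
#   kvno <principal>         prints "<principal>: kvno = N" as issued by the KDC

# Highest kvno stored for principal $1; reads `klist -k` output on stdin.
keytab_kvno() {
    awk -v p="$1" '
        BEGIN { max = -1 }
        $1 ~ /^[0-9]+$/ && $2 == p { if ($1 + 0 > max) max = $1 + 0 }
        END { if (max < 0) exit 1; print max }'
}

# Key version the KDC currently uses; reads `kvno` output on stdin.
kdc_kvno() {
    sed -n 's/^.*: kvno = \([0-9][0-9]*\)$/\1/p'
}

# compare_kvno PRINCIPAL KLIST_TEXT KVNO_TEXT
# Prints in-sync, out-of-sync, or missing (principal absent from either side).
compare_kvno() {
    kt=$(printf '%s\n' "$2" | keytab_kvno "$1") || { echo missing; return 0; }
    kdc=$(printf '%s\n' "$3" | kdc_kvno)
    [ -n "$kdc" ] || { echo missing; return 0; }
    if [ "$kt" -eq "$kdc" ]; then echo in-sync; else echo out-of-sync; fi
}

# Constructed sample data: the keytab still holds key version 2, while the
# KDC has moved to version 3 after the key was regenerated elsewhere.
SAMPLE_PRINC='ldap/ipa.example.test@EXAMPLE.TEST'
SAMPLE_KLIST='Keytab name: FILE:ds.keytab
KVNO Principal
---- ----------------------------------------------
   2 ldap/ipa.example.test@EXAMPLE.TEST
   2 ldap/ipa.example.test@EXAMPLE.TEST'
SAMPLE_KVNO='ldap/ipa.example.test@EXAMPLE.TEST: kvno = 3'

compare_kvno "$SAMPLE_PRINC" "$SAMPLE_KLIST" "$SAMPLE_KVNO"
```

A matching kvno does not prove the key material is identical, but a mismatch is enough to explain GSSAPI failures against the directory server.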

