Hello,
IPA version 4.6.8.
Got a host that doesn't allow user logins, but was joined at some point to the
domain.
Everything that I can think of to check appears to be working
Log into client system with local credentials
Logs show invalid user attempts
Client Keytab looks valid.....do these ever expire?
Ktutil
read_kt /etc/krb5.keytab
list
Shows the
host/hostname.domain
Quit
Cannot 'id admin' or 'id' any other user
Can obtain Kerberos keys for admin
Can run ipa user-show for any user
System appears valid in idmweb gui
What did I miss?
Get a new keytab for the client with ipa-getkeytab?
Is there some server/client certs I should be checking?
Thanks!
David Patterson
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
