Rob, thank you, great insight, the kvno did not match tried to generate a new one but it fails
kinit admin ipa-getkeytab -s server1 -p host/[email protected] -k /etc/krb5.keytab Failed to parse result: Internal error while saving keys Looking in journalctl it shows that "Adjustment limit exceeded" error that resulted from travelling back in time with the system clock to before the certs expired, same as when resubmiting the certs, catch22? also tried to just retrieve the existing one by adding the -r flag to above but: Failed to parse result: Insufficient access rights Journalctl "Not allowed to retrieve keytab on [host/[email protected]] as user [uid=admin" But I think thats normal for freeipa, I recall the documentation saying you are not able to retrieve by default Could I have made a mistake? Is there a different way to fix the host keytab? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
