Hi, On Thu, Jun 12, 2025 at 9:55 PM Felix O via FreeIPA-users < [email protected]> wrote:
> Hi, when trying to run any ipa cli commands, they fail with the message > ipa: ERROR: No valid Negotiate header in server response. Trying to sign > into the web ui fails by unknown error. > The instance has had its certificates expired and then renewed using > ipa-cert-fix, after which the problem occurred. Can you check if the certificate in /var/kerberos/krb5kdc/kdc.crt has been renewed? # sudo openssl x509 -noout -text -in /var/kerberos/krb5kdc/kdc.crt and check the values for Validity: Not before / not after. The page https://www.freeipa.org/page/Troubleshooting/PrivilegeSeparation provides troubleshooting steps that could help you narrow down the issue. flo > > I have regenerated the host keytab and gssproxy keytab using the following > commands, to no success. (the command succeeds, but it doesn't help the > issue) > ipa-getkeytab -s ipa.example.com -p host/[email protected] -k > /etc/krb5.keytab > ipa-getkeytab -s ipa.example.com -p HTTP/[email protected] -k > /var/lib/ipa/gssproxy/http.keytab > > Felix > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
