I am pretty new to FreeIPA. I am setting up a server to manage a small home network.
I am unable to get automount to work on the client. When I start autofs, I see this in syslog:-

[root@localhost ~]# automount -f -d
Starting automounter version 5.0.5-31.fc14, master map auto.master
using kernel protocol version 5.01
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_read_master: lookup(file): read entry /misc
lookup_read_master: lookup(file): read entry /net
lookup_read_master: lookup(file): read entry +auto.master
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
lookup_nss_read_master: reading master ldap auto.master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
parse_server_string: lookup(ldap): mapname auto.master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: host/[email protected] credential cache: (null)
parse_init: parse(sun): init gathered global options: (null)
find_server: trying server uri ldap://server.wasielewski.co.uk
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal host/[email protected]
sasl_do_kinit: calling krb5_parse_name on client principal host/[email protected]
sasl_do_kinit: Using tgs name krbtgt/[email protected]
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328203
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://server.wasielewski.co.uk
do_reconnect: lookup(ldap): failed to find available server
lookup(file): failed to read included master map auto.master

On the server I see the following in /var/log/krb5kdc.log (client IP addr redacted):-

Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) xxx.xxx.xxx.xxx: NEEDED_PREAUTH: host/[email protected] for krbtgt/[email protected], Additional pre-authentication required
Jun 26 22:43:29 server.wasielewski.co.uk krb5kdc[10514](info): closing down fd 5

On the client the ticket cache is:-

[root@localhost ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
06/26/13 20:48:45  06/27/13 20:48:41  krbtgt/[email protected]

but on the server it is:

[root@server log]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
06/26/13 00:04:51  06/27/13 00:04:47  krbtgt/[email protected]
06/26/13 00:04:54  06/27/13 00:04:47  ldap/[email protected]

Should I also have a ticket for LDAP on the client?

Server is running FreeIPA 2.2.2 on FC17. Client is on FC14. I had to download the freeipa-client package (and others) from Koji as they were no longer available for FC14 in the usual repos. I ran ipa-client-install, but in the end had to apply most of the config manually. However everything else (IPA domain user login, IPA web UI etc.) that I would expect runs OK on the client. It is only automount that is giving problems.

I am sure I have got something very simple wrong...hopefully one of the masters can put me right.

Regards,
Andrew
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
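
Added example, not part of the original post: a small Python triage script that decodes the numeric error autofs prints after krb5_get_init_creds_keytab and pairs it with what the KDC logged for the same principal. The sample log lines are constructed (placeholder principal, realm and address), and the error names are a small subset of MIT krb5's error table chosen for this example.

```python
import re

# Base of MIT Kerberos' "krb5" com_err table; library codes are base + offset.
KRB5_TABLE_BASE = -1765328384
# Subset of that table. Names are MIT krb5's; the hints are this example's wording.
KNOWN = {
    6: ("KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN", "KDC has no such client principal"),
    24: ("KRB5KDC_ERR_PREAUTH_FAILED", "keytab key does not match the KDC's key"),
    37: ("KRB5KRB_AP_ERR_SKEW", "clock skew between client and KDC"),
    181: ("KRB5_KT_NOTFOUND", "no matching entry for the principal in the keytab"),
}
FAIL_RE = re.compile(r"sasl_do_kinit: (\w+) failed with error (-?\d+)")
PRINC_RE = re.compile(r"client principal:? (\S+)")
KDC_RE = re.compile(r"AS_REQ .*?: (\w+): (\S+) for \S+,")

# Constructed sample input (placeholder realm and address), shaped like the logs above.
AUTOFS_LOG = """\
sasl_do_kinit: initializing kerberos ticket: client principal host/client.example.test@EXAMPLE.TEST
sasl_do_kinit: krb5_get_init_creds_keytab failed with error -1765328203
do_bind: lookup(ldap): autofs_sasl_bind returned -1
"""
KDC_LOG = """\
krb5kdc[10514](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.0.2.10: NEEDED_PREAUTH: host/client.example.test@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Additional pre-authentication required
"""

def decode(code):
    """Map a raw krb5 library error number to (offset, name, hint)."""
    offset = code - KRB5_TABLE_BASE
    name, hint = KNOWN.get(offset, ("UNKNOWN", "not in this example's subset"))
    return offset, name, hint

def diagnose(autofs_log, kdc_log):
    """Pair each failed kinit call with what the KDC logged for that principal."""
    kdc_seen = [(m.group(2), m.group(1)) for m in KDC_RE.finditer(kdc_log)]
    principal, findings = None, []
    for line in autofs_log.splitlines():
        m = PRINC_RE.search(line)
        if m:
            principal = m.group(1)
        m = FAIL_RE.search(line)
        if m:
            offset, name, hint = decode(int(m.group(2)))
            findings.append({
                "call": m.group(1), "principal": principal, "error": name, "hint": hint,
                # NEEDED_PREAUTH alone is the normal first AS exchange: the KDC
                # knows the principal, so the failure is on the client side.
                "kdc_status": [s for p, s in kdc_seen if p == principal],
            })
    return findings

if __name__ == "__main__":
    for finding in diagnose(AUTOFS_LOG, KDC_LOG):
        print(finding)
```

A KRB5_KT_NOTFOUND result points at the client keytab; klist -k lists the entries it contains for comparison with the client principal autofs is using.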
