On Wed, Jul 31, 2013 at 6:56 AM, Sumit Bose <[email protected]> wrote:
> I think that's the issue. You have to make sure that host.domain.com has
> a DNS entry somewhere, it does not have to be the IPA DNS but the DNS
> setup must be correct so the IPA DNS can forward the request to the
> right server. Then you can call 'ipa host-add host.domain.com' which
> will create a host entry with the principal
> host/[email protected]. Now you can call ipa-getkeytab and
> transfer the new keytab to host.domain.com.

Ok, I'm dumbfounded (again.)

I've removed the old host from IPA:

xxx@slpidml01 ~]$ ipa host-show sla400q1.unix.domain.com
ipa: INFO: trying https://slpidml01.unix.domain.com/ipa/session/xml
ipa: INFO: Forwarding 'host_show' to server u'https://slpidml01.unix.domain.com/ipa/session/xml'
ipa: ERROR: sla400q1.unix.domain.com: host not found

And I added the new host:

[xxx@slpidml01 ~]$ ipa host-show sla400q1.domain.com
ipa: INFO: trying https://slpidml01.unix.domain.com/ipa/xml
ipa: INFO: Forwarding 'host_show' to server u'https://slpidml01.unix.domain.com/ipa/xml'
  Host name: sla400q1.domain.com
  Principal name: host/[email protected]
  Password: False
  Keytab: True
  Managed by: sla400q1.domain.com

I generated the keytab:

[xxx@slpidml01 ~]$ ipa-getkeytab -s slpidml01.unix.domain.com -p host/sla400q1.domain.com -k /tmp/sla400q1.keytab
Keytab successfully retrieved and stored in: /tmp/sla400q1.keytab
[xxx@slpidml01 ~]$

Then I copied that keytab to the host and put it in /etc/krb5/krb5.keytab

But, when I list the principals in the keytab:

sla400q1:/var/adm> /usr/krb5/bin/klist -k -e
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ---------
   1 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   1 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   1 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   1 host/[email protected] (ArcFour with HMAC/md5)
   2 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   2 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   2 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   2 host/[email protected] (ArcFour with HMAC/md5)
   1 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   1 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   1 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   1 host/[email protected] (ArcFour with HMAC/md5)
   2 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   2 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   2 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   2 host/[email protected] (ArcFour with HMAC/md5)
   3 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   3 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   3 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   3 host/[email protected] (ArcFour with HMAC/md5)
   4 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   4 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   4 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   4 host/[email protected] (ArcFour with HMAC/md5)
   5 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   5 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   5 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   5 host/[email protected] (ArcFour with HMAC/md5)
   6 host/[email protected] (AES-256 CTS mode with 96-bit SHA-1 HMAC)
   6 host/[email protected] (AES-128 CTS mode with 96-bit SHA-1 HMAC)
   6 host/[email protected] (Triple DES cbc mode with HMAC/sha1)
   6 host/[email protected] (ArcFour with HMAC/md5)

Where are the sla400q1.unix.domain.com coming from? I've done this over and over, I can't find any reference to sla400q1.unix.domain.com in DNS in IPA, and the box never had any unix.domain.com references.

In addition, I’m still getting the error:

Miscellaneous failure\nNo principal in keytab matches desired name\n

in the logs, even though:

sla400q1:/var/adm> grep sla400q1 /etc/hosts
192.168.42.108 sla400q1-bk
#10.200.5.48 sla400q1.domain.com sla400q1
10.200.5.48 sla400q1.domain.com sla400q1
sla400q1:/var/adm> hostname
sla400q1.domain.com
sla400q1:/var/adm> domainname
domain.com
sla400q1:/var/adm>

Any clues?
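The klist listing in the message shows a single keytab file carrying several principals and key version numbers. As an added example (not part of the original message and not FreeIPA code), the Python below parses the MIT keytab file format, version 0x0502, and reports the highest KVNO held for an expected principal together with any other principals in the file; the function names, the sample bytes and the EXAMPLE.TEST names are assumptions constructed for illustration.

```python
import struct

def _cstr(buf, off):
    """Read a counted string: uint16 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                 # negative size marks a deleted slot
            off += -size
            continue
        end, p = off + size, off
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = _cstr(data, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _cstr(data, p)
            comps.append(comp.decode())
        kvno, etype = struct.unpack_from(">BH", data, p + 8)  # after name type, timestamp
        _key, p = _cstr(data, p + 11)  # key bytes are skipped, never returned
        if end - p >= 4:              # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        off = end
    return entries

def audit(entries, expected):
    """Return (highest kvno held for `expected` or None, other principals present)."""
    kvnos = [k for name, k, _ in entries if name == expected]
    return max(kvnos, default=None), sorted({n for n, _, _ in entries if n != expected})

def _entry(realm, comps, kvno, etype):  # builds one constructed entry, zero key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm.encode())
    body += b"".join(s(c.encode()) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(bytes(16)) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: made-up names, two principals and one deleted slot.
SAMPLE = (b"\x05\x02" + _entry("EXAMPLE.TEST", ["host", "a.unix.example.test"], 2, 18)
          + struct.pack(">i", -4) + bytes(4)
          + _entry("EXAMPLE.TEST", ["host", "a.example.test"], 1, 18)
          + _entry("EXAMPLE.TEST", ["host", "a.example.test"], 2, 17))
```

Running audit(parse_keytab(open(path, "rb").read()), principal) against a freshly retrieved keytab and against the installed one shows whether the two files hold the same principals and KVNOs.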
