On Mon, 07 May 2018, Rob Crittenden via FreeIPA-users wrote:
Bret Wortman via FreeIPA-users wrote:
I can show a migrated entry, certainly. I'll use my own.

First, the log shows these entries when I try to generate or set a password:

[datetime] - ERR - ipapwd_encrypt_encode_key - [file_encoding.c, line 143]: no krbPrincipalName present in this entry
[datetime] - ERR - ipapwd_gen_hashes - [file encoding.c, line 234]: key encryption/encoding failed

Here's the user entry:

# ipa user-find bretw
--------------
1 user matched
--------------
  User login: bretw
  First name: Bret
  Last name: Wortman
  Home directory: /nethome/bretw
  Login shell: /bin/bash
  Email address: b...@damascusgrp.com
  UID: 10042
  GID: 100
  Account disabled: False
----------------------------
Number of entries returned 1
----------------------------
#

Ok, I was hoping to see the whole LDAP entry. In any case it looks like when you migrated the users you didn't set krbPrincipalName.

You'll also need to be sure that the users have the krbprincipalaux objectclass.
Yes. In order to easily get the entry output you can still use the 'ipa'
command:

ipa user-show --all --raw bretw

would display the content of the LDAP entry.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
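
Added example, not part of the original thread or of FreeIPA: a small checker that reads the text printed by `ipa user-show --all --raw <login>` and reports whether the entry lacks the `krbPrincipalName` attribute or the `krbprincipalaux` object class named above. The function names, the sample entries and the `example.com` values are constructed, and the code assumes the raw output contains a `dn:` line.

```python
import re

REQUIRED_ATTR = "krbprincipalname"   # attribute named in the thread
REQUIRED_OC = "krbprincipalaux"      # object class named in the thread

def parse_raw_entry(text):
    """Parse 'attr: value' lines into {lowercased attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][\w;-]*):\s*(.*)$", line)
        if m:  # separators, prompts and friendly labels with spaces do not match
            entry.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return entry

def kerberos_gaps(text):
    """Return the Kerberos pieces a user entry lacks (empty list if none)."""
    entry = parse_raw_entry(text)
    if "dn" not in entry:
        raise ValueError("no dn line: input is not --all --raw output")
    gaps = []
    if not any(entry.get(REQUIRED_ATTR, [])):
        gaps.append("missing krbPrincipalName")
    if REQUIRED_OC not in {v.lower() for v in entry.get("objectclass", [])}:
        gaps.append("missing objectClass krbprincipalaux")
    return gaps

# Constructed sample entries (example.com values are placeholders).
MIGRATED = """\
  dn: uid=bretw,cn=users,cn=accounts,dc=example,dc=com
  uid: bretw
  objectClass: top
  objectClass: posixAccount
  objectClass: inetOrgPerson
"""
COMPLETE = MIGRATED + """\
  objectClass: krbPrincipalAux
  krbPrincipalName: bretw@EXAMPLE.COM
"""

if __name__ == "__main__":
    for name, sample in (("migrated", MIGRATED), ("complete", COMPLETE)):
        print(name, kerberos_gaps(sample) or "ok")
```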