Faraz Younus via FreeIPA-users wrote: > no I did not modify the file , this is from ipa master server, i also > installed ipa client on master bcoz i was getting sssd no cache > credentials error, when i install client on master it fixed that error, > now I'm getting ldap error after that sssd error
It should not have been possible to run ipa-client-install on a master. I don't know what you did to force it, or what the full consequences may be, but I'd try adding the things that Flo suggested to /etc/ipa/default.conf and restarting httpd to see if it helps. ldap_uri = ldapi://%2fvar%2frun%2fslapd-FIXEDANDMOBILE-COM.socket ra_plugin = dogtag dogtag_version = 10 mode = production rob > > On Fri, Mar 13, 2020, 7:17 PM Florence Blanc-Renaud <f...@redhat.com > <mailto:f...@redhat.com>> wrote: > > On 3/13/20 8:43 AM, Faraz Younus via FreeIPA-users wrote: > > cat /etc/ipa/default.conf > > > > #File modified by ipa-client-install > > > > > > [global] > > > > basedn = dc=fixedandmobile,dc=com > > > > realm = FIXEDANDMOBILE.COM <http://FIXEDANDMOBILE.COM> > <http://FIXEDANDMOBILE.COM> > > > > domain = fixedandmobile.com <http://fixedandmobile.com> > <http://fixedandmobile.com> > > > > server = sg.fixedandmobile.com <http://sg.fixedandmobile.com> > <http://sg.fixedandmobile.com> > > > > host = sg.fixedandmobile.com <http://sg.fixedandmobile.com> > <http://sg.fixedandmobile.com> > > > > xmlrpc_uri = https://sg.fixedandmobile.com/ipa/xml > > > > enable_ra = True > > Hi, > > looks like you are trying to run "ipactl status" on a FreeIPA client, > because on a server I would expect the file to also contain: > > ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-FIXEDANDMOBILE-COM.socket > mode = production > ra_plugin = dogtag > dogtag_version = 10 > > But on a client, the host and server values would be different. > Did you manually modify the file? > > flo > > > > > > On Fri, Mar 13, 2020 at 12:02 PM Florence Blanc-Renaud > <f...@redhat.com <mailto:f...@redhat.com> > > <mailto:f...@redhat.com <mailto:f...@redhat.com>>> wrote: > > > > On 3/13/20 6:42 AM, Faraz Younus via FreeIPA-users wrote: > > > I can have the update on below LDAP error ? > > > > What is the content of the /etc/ipa/default.conf file? > Especially, is > > there a value for "ldap_uri" and does it start with "ldap_uri = > > ldapi://..." ? > > > > flo > > > > > > On Wed, Mar 11, 2020 at 6:34 PM Faraz Younus > <fara...@gmail.com <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>>> wrote: > > > > > > I have added freeipa users list as well to this thread > > > > > > On Wed, Mar 11, 2020 at 6:31 PM Rob Crittenden > > <rcrit...@redhat.com <mailto:rcrit...@redhat.com> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > > > <mailto:rcrit...@redhat.com > <mailto:rcrit...@redhat.com> <mailto:rcrit...@redhat.com > <mailto:rcrit...@redhat.com>>>> wrote: > > > > > > Faraz Younus wrote: > > > > Thanks pasted the text instead of screenshots. > > > > > > This will work. Can you post this to the > freeipa-users list? > > > > > > rob > > > > > > > > > > > First failed then successful but after that LDAP > broken. > > > > > > > > palib.install.certmonger: DEBUG: certmonger > request is > > in state > > > > dbus.String(u'CA_UNREACHABLE', variant_level=1) > > > > > > > > ipapython.admintool: DEBUG: File > > > > > "/usr/lib/python2.7/site-packages/ipapython/admintool.py", > > > line 178, in > > > > execute > > > > > > > > return_value = self.run() > > > > > > > > File > > > > > > > > > > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", > > > > line 62, in run > > > > > > > > run_with_args(api) > > > > > > > > File > > > > > > > > > > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", > > > > line 112, in run_with_args > > > > > > > > update_server(certs) > > > > > > > > File > > > > > > > > > > "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py", > > > > line 192, in update_server > > > > > > > > "please check the request manually" % > request_id) > > > > > > > > > > > > ipapython.admintool: DEBUG: The ipa-certupdate > command > > failed, > > > > exception: ScriptError: Error resubmitting > certmonger > > request > > > > '20200311065837', please check the request manually > > > > > > > > ipapython.admintool: ERROR: Error resubmitting > > certmonger request > > > > '20200311065837', please check the request manually > > > > > > > > ipapython.admintool: ERROR: The ipa-certupdate > command > > failed. > > > > > > > > [root@sg ansible]# kinit admin > > > > > > > > Password for ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>>: > > > > > > > > > > > > [root@sg ansible]# klist -kt /etc/krb5.keytab > > > > > > > > Keytab name: FILE:/etc/krb5.keytab > > > > > > > > KVNO Timestamp Principal > > > > > > > > ---- ----------------- > > > > > -------------------------------------------------------- > > > > > > > > 3 03/11/20 07:15:51 > > > host/sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>> > > > > > > > > 3 03/11/20 07:15:51 > > > host/sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>> > > > > > > > > [root@sg ansible]# ipa-certupdate -v > > > > > > > > ipapython.admintool: DEBUG: Not logging to a file > > > > > > > > ipalib.plugable: DEBUG: importing all plugin > modules in > > > > ipaclient.remote_plugins.schema$79e69edd... > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > > ipaclient.remote_plugins.schema$79e69edd.plugins > > > > > > > > ipalib.plugable: DEBUG: importing all plugin > modules in > > > ipaclient.plugins... > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.automember > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.automount > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.ca <http://ipaclient.plugins.ca> > <http://ipaclient.plugins.ca> > > <http://ipaclient.plugins.ca> > > > > <http://ipaclient.plugins.ca> > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.cert > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.certmap > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > > ipaclient.plugins.certprofile > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.csrgen > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.dns > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.hbacrule > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.hbactest > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.host > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.idrange > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.internal > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.location > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.migration > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.misc > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.otptoken > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > > ipaclient.plugins.otptoken_yubikey > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.passwd > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.permission > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.rpcclient > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.server > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.service > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.sudorule > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.topology > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.trust > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.user > > > > > > > > ipalib.plugable: DEBUG: importing plugin module > > > ipaclient.plugins.vault > > > > > > > > ipalib.rpc: DEBUG: failed to find session_cookie in > > > persistent storage > > > > for principal 'ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>>' > > > > > > > > ipalib.rpc: INFO: trying > > https://sg.fixedandmobile.com/ipa/json > > > > > > > > ipalib.rpc: DEBUG: New HTTP connection > > (sg.fixedandmobile.com <http://sg.fixedandmobile.com> > <http://sg.fixedandmobile.com> > > > <http://sg.fixedandmobile.com> > > > > <http://sg.fixedandmobile.com>) > > > > > > > > ipalib.rpc: DEBUG: received Set-Cookie (<type > > > > > > > > > > > 'list'>)'['ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;path=/ipa;httponly;secure;']' > > > > > > > > ipalib.rpc: DEBUG: storing cookie > > > > > > > > > > > 'ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;' > > > > for principal ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>> > > > > > > > > ipalib.backend: DEBUG: Created connection > > > context.rpcclient_139702145432656 > > > > > > > > ipalib.install.kinit: DEBUG: Initializing principal > > > > host/sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>> using keytab > > > > /etc/krb5.keytab > > > > > > > > ipalib.install.kinit: DEBUG: using ccache > > /tmp/tmp-v__2gr/ccache > > > > > > > > ipalib.install.kinit: DEBUG: Attempt 1/1: success > > > > > > > > ipalib.frontend: DEBUG: raw: > > ca_is_enabled(version=u'2.107') > > > > > > > > ipalib.frontend: DEBUG: > ca_is_enabled(version=u'2.107') > > > > > > > > ipalib.rpc: INFO: [try 1]: Forwarding > 'ca_is_enabled/1' to > > > json server > > > > 'https://sg.fixedandmobile.com/ipa/json' > > > > > > > > ipalib.rpc: DEBUG: HTTP connection keep-alive > > > (sg.fixedandmobile.com > <http://sg.fixedandmobile.com> <http://sg.fixedandmobile.com> > > <http://sg.fixedandmobile.com> > > > > <http://sg.fixedandmobile.com>) > > > > > > > > ipalib.rpc: DEBUG: received Set-Cookie (<type > > > > > > > > > > > 'list'>)'['ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;path=/ipa;httponly;secure;']' > > > > > > > > ipalib.rpc: DEBUG: storing cookie > > > > > > > > > > > 'ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;' > > > > for principal ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>> > > > > > > > > ipapython.ipaldap: DEBUG: retrieving schema for > > SchemaCache > > > > url=ldap://sg.fixedandmobile.com:389 > <http://sg.fixedandmobile.com:389> > > <http://sg.fixedandmobile.com:389> > > > <http://sg.fixedandmobile.com:389> > > > <http://sg.fixedandmobile.com:389> > > > > conn=<ldap.ldapobject.SimpleLDAPObject instance at > > > 0x7f0ef07b8c68> > > > > > > > > ipalib.frontend: DEBUG: raw: ca_find(None, > > version=u'2.231') > > > > > > > > ipalib.frontend: DEBUG: ca_find(None, > version=u'2.231') > > > > > > > > ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to > > json server > > > > 'https://sg.fixedandmobile.com/ipa/json' > > > > > > > > ipalib.rpc: DEBUG: HTTP connection keep-alive > > > (sg.fixedandmobile.com > <http://sg.fixedandmobile.com> <http://sg.fixedandmobile.com> > > <http://sg.fixedandmobile.com> > > > > <http://sg.fixedandmobile.com>) > > > > > > > > ipalib.rpc: DEBUG: received Set-Cookie (<type > > > > > > > > > > > 'list'>)'['ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;path=/ipa;httponly;secure;']' > > > > > > > > ipalib.rpc: DEBUG: storing cookie > > > > > > > > > > > 'ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;' > > > > for principal ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>> > > > > > > > > ipalib.install.sysrestore: DEBUG: Loading Index > file from > > > > '/var/lib/ipa/sysrestore/sysrestore.index' > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > > dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n > > > FIXEDANDMOBILE.COM <http://FIXEDANDMOBILE.COM> > <http://FIXEDANDMOBILE.COM> > > <http://FIXEDANDMOBILE.COM> > > > > <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C -a -f > > > > /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > > dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n > > > > E=supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > <mailto:supp...@fixedandmobile.com <mailto:supp...@fixedandmobile.com>>> > > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>>>>,CN=sg.fixedandmobile.com > <http://sg.fixedandmobile.com> > > <http://sg.fixedandmobile.com> > > > <http://sg.fixedandmobile.com> > > > > > > > > > > > <http://sg.fixedandmobile.com>,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG > > > > -t C,, -a -f > > /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > is-active > > > > dirsrv@FIXEDANDMOBILE-COM.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout=active > > > > > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > --system > > > daemon-reload > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > restart > > > > dirsrv@FIXEDANDMOBILE-COM.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > is-active > > > > dirsrv@FIXEDANDMOBILE-COM.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout=active > > > > > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: wait_for_open_ports: > localhost > > > [389] timeout 300 > > > > > > > > ipapython.ipautil: DEBUG: waiting for port: 389 > > > > > > > > ipapython.ipautil: DEBUG: SUCCESS: port: 389 > > > > > > > > ipaplatform.base.services: DEBUG: Restart of > > > > dirsrv@FIXEDANDMOBILE-COM.service complete > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/httpd/alias > > > > -A -n FIXEDANDMOBILE.COM > <http://FIXEDANDMOBILE.COM> <http://FIXEDANDMOBILE.COM> > > <http://FIXEDANDMOBILE.COM> > > > <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C -a > > > > -f /etc/httpd/alias/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/httpd/alias > > > > -A -n E=supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>>> > > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>>>>,CN=sg.fixedandmobile.com > <http://sg.fixedandmobile.com> > > <http://sg.fixedandmobile.com> > > > <http://sg.fixedandmobile.com> > > > > > > > > > > > <http://sg.fixedandmobile.com>,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG > > > > -t C,, -a -f /etc/httpd/alias/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > is-active > > > httpd.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout=active > > > > > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > restart > > > httpd.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/bin/systemctl > is-active > > > httpd.service > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout=active > > > > > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipaplatform.base.services: DEBUG: Restart of > httpd.service > > > complete > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/ipa/nssdb > > > > -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, return > > code=255 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr=certutil: Could > not find > > > cert: IPA CA > > > > > > > > : PR_FILE_NOT_FOUND_ERROR: File not found > > > > > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/ipa/nssdb > > > > -L -n External CA cert -a -f > /etc/ipa/nssdb/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, return > > code=255 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr=certutil: Could > not find > > > cert: External > > > > CA cert > > > > > > > > : PR_FILE_NOT_FOUND_ERROR: File not found > > > > > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/ipa/nssdb > > > > -A -n FIXEDANDMOBILE.COM > <http://FIXEDANDMOBILE.COM> <http://FIXEDANDMOBILE.COM> > > <http://FIXEDANDMOBILE.COM> > > > <http://FIXEDANDMOBILE.COM> IPA CA -t CT,C,C -a > > > > -f /etc/ipa/nssdb/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d > > > dbm:/etc/ipa/nssdb > > > > -A -n E=supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>>> > > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>> > > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com> > > <mailto:supp...@fixedandmobile.com > <mailto:supp...@fixedandmobile.com>>>>,CN=sg.fixedandmobile.com > <http://sg.fixedandmobile.com> > > <http://sg.fixedandmobile.com> > > > <http://sg.fixedandmobile.com> > > > > > > > > > > > <http://sg.fixedandmobile.com>,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG > > > > -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: > args=/usr/bin/update-ca-trust > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipaplatform.redhat.tasks: INFO: Systemwide CA > database > > updated. > > > > > > > > ipapython.ipautil: DEBUG: Starting external process > > > > > > > > ipapython.ipautil: DEBUG: > args=/usr/bin/update-ca-trust > > > > > > > > ipapython.ipautil: DEBUG: Process finished, > return code=0 > > > > > > > > ipapython.ipautil: DEBUG: stdout= > > > > > > > > ipapython.ipautil: DEBUG: stderr= > > > > > > > > ipaplatform.redhat.tasks: INFO: Systemwide CA > database > > updated. > > > > > > > > ipalib.backend: DEBUG: Destroyed connection > > > > context.rpcclient_139702145432656 > > > > > > > > ipapython.admintool: INFO: The ipa-certupdate > command was > > > successful > > > > > > > > [root@sg ansible]# ipactl status > > > > > > > > *Unknown error when retrieving list of services > from LDAP: > > > need more > > > > than 1 value to unpack* > > > > > > > > *[root@sg ansible]# ipactl restart* > > > > > > > > *Failed to read data from Directory Service: Unknown > > error when > > > > retrieving list of services from LDAP: need more > than > > 1 value > > > to unpack* > > > > > > > > *Shutting down* > > > > > > > > > > > > On Wed, Mar 11, 2020 at 5:36 PM Rob Crittenden > > > <rcrit...@redhat.com <mailto:rcrit...@redhat.com> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>> > > > > <mailto:rcrit...@redhat.com > <mailto:rcrit...@redhat.com> > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>> > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com> > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>>>> > wrote: > > > > > > > > Faraz Younus wrote: > > > > > > > > > > Kindly approve this email, please > > > > > > > > It is nearly 5MB due to the screen shots. Please > > either > > > reduce their > > > > size or preferably just copy/paste the text. > > > > > > > > rob > > > > > > > > > > > > > > On Wed, Mar 11, 2020 at 12:28 PM Faraz Younus > > > <fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>> > > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>>> > > > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>> > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> <mailto:fara...@gmail.com > <mailto:fara...@gmail.com>> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>>>>> wrote: > > > > > > > > > > I fixed that error ipaclient is > required on > > master > > > server, I > > > > created > > > > > new master with ipaclient > > > > > > > > > > [root@sg ansible]# klist -kt > /etc/krb5.keytab > > > > > > > > > > Keytab name: FILE:/etc/krb5.keytab > > > > > > > > > > KVNO Timestamp Principal > > > > > > > > > > ---- ----------------- > > > > > > > > > -------------------------------------------------------- > > > > > > > > > > 3 03/11/20 07:15:51 > > > > > host/sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>> > > > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>>> > > > > > > > > > > 3 03/11/20 07:15:51 > > > > > host/sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>> > > > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>> > > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com> > > <mailto:sg.fixedandmobile....@fixedandmobile.com > <mailto:sg.fixedandmobile....@fixedandmobile.com>>>>> > > > > > > > > > > > > > > > > > > > > But Now Issue is that when I updating the > > external > > > certificate > > > > it is > > > > > failing first time then it got successful > > however > > > it broke the > > > > LDAP. > > > > > Screenshots are attached > > > > > > > > > > [root@sg ansible]# ipactl restart > > > > > > > > > > Failed to read data from Directory > Service: > > Unknown > > > error when > > > > > retrieving list of services from LDAP: > need more > > > than 1 value > > > > to unpack > > > > > > > > > > Shutting down > > > > > > > > > > > > > > > Screen Shot 2020-03-11 at 12.22.40 PM.png > > > > > > > > > > Screen Shot 2020-03-11 at 12.23.36 PM.png > > > > > > > > > > On Tue, Mar 10, 2020 at 7:33 PM Robbie > Harwood > > > > <rharw...@redhat.com > <mailto:rharw...@redhat.com> <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com>> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com> > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>>> > > > <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com> <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com>> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com> > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>>>> > > > > > <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>> > > > <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com> <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com>>> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com> > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>> > > > <mailto:rharw...@redhat.com > <mailto:rharw...@redhat.com> > > <mailto:rharw...@redhat.com <mailto:rharw...@redhat.com>>>>>> > wrote: > > > > > > > > > > Faraz Younus <fara...@gmail.com > <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> <mailto:fara...@gmail.com > <mailto:fara...@gmail.com>>> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> <mailto:fara...@gmail.com > <mailto:fara...@gmail.com>>>> > > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>> > > > <mailto:fara...@gmail.com > <mailto:fara...@gmail.com> <mailto:fara...@gmail.com > <mailto:fara...@gmail.com>> > > <mailto:fara...@gmail.com <mailto:fara...@gmail.com> > <mailto:fara...@gmail.com <mailto:fara...@gmail.com>>>>>> writes: > > > > > > > > > > > Yes /tmp is writable for everyone. > > > > > > > > > > > > drwxrwxrwt. root root 4.0K tmp > > > > > > > > > > > > [root@ipa5 centos]# kinit admin > > > > > > > > > > > > Password for > ad...@fixedandmobile.com <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>> > > > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>> > > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>> > > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com> > > <mailto:ad...@fixedandmobile.com > <mailto:ad...@fixedandmobile.com>>>>>: > > > > > > > > > > > > > > > > > > The output for /etc/krb5.keytab > > > > > > > > > > > > > > > > > > [root@ipa5 centos]# klist -kt > > /etc/krb5.keytab > > > > > > > > > > > > Keytab name: FILE:/etc/krb5.keytab > > > > > > > > > > > > KVNO Timestamp Principal > > > > > > > > > > > > ---- ----------------- > > > > > > > > > > -------------------------------------------------------- > > > > > > > > > > Did you obfuscate this output? > Can you not? > > > > > > > > > > It should contain an entry for > > > > > > > host/ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>> > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>> > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>>>> > > > > > > > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>> > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>>> > > > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>> > > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com> > > <mailto:ipa5.fixedandmobile....@fixedandmobile.com > <mailto:ipa5.fixedandmobile....@fixedandmobile.com>>>>> . The next > > > > > question is > > > > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
