Hello again.

I gave up restoring certificates as discussed in https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/HAP3ZPJUPQQ7OM7H4PL7Y5WBC5E43J25/
While I had to recover the service and rescue data at any cost.
So my decision was probably wrong, but I didn't have options.

I deployed Red Hat instead of CentOS and then deployed a fresh IPA 4.9.8.
Then I migrated the directory from the old cluster, excluding Kerberos fields and some service accounts/groups.
Rebuilt DNS etc.

Initially everything was good; at least users, groups and credentials were saved.
But further configuration resulted in some troubles.
Briefly, I can't run commands as admin or anyone else.

    kinit admin
    Password for admin@<REALM>
    [root@idm0 ~]# klist
    Ticket cache: KCM:0
    Default principal: admin@<REALM>

    Valid starting     Expires            Service principal
    06/20/22 07:42:19  06/21/22 06:42:23  krbtgt/<REALM>@<REALM>
    [root@idm0 ~]# ipa user-show admin
    ipa: ERROR: cannot connect to 'https://idm0...../ipa/session/json': Exceeded number of tries to forward a request.

    kinit <any other user>
    ipa user-show <any other user>
    ipa: ERROR: Insufficient access: Invalid credentials

and /var/log/httpd/error.log has

    ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credential

What could be broken?
This happened while I was trying to generate a keytab for kinit -kt <file> scripts...