skrawczenko--- via FreeIPA-users wrote: > Hello again. > > I gave up restoring certificates as discussed in > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/HAP3ZPJUPQQ7OM7H4PL7Y5WBC5E43J25/ > While i had to recover the service and rescue data at any cost > > So my decision was probably wrong but i didn't have options > I deployed RedHat instead of CentOS and then deployed fresh IPA 4.9.8 > > Then i migrated directory from the old cluster excluding kerberos fields and > some service accounts/groups > Rebuilt DNS etc > > Initially everything was good at least users, groups and credentials were > saved. > But further configuration resulted some troubles. Briefly, i can't run > commands as admin and anyone else > > kinit admin > Password for admin@<REALM> > [root@idm0 ~]# klist > Ticket cache: KCM:0 > Default principal: admin@<REALM> > > Valid starting Expires Service principal > 06/20/22 07:42:19 06/21/22 06:42:23 krbtgt/<REALM>@<REALM> > > [root@idm0 ~]# ipa user-show admin > ipa: ERROR: cannot connect to 'https://idm0...../ipa/session/json': Exceeded > number of tries to forward a request. > > kinit <any other user> > > ipa user-show <any other user> > ipa: ERROR: Insufficient access: Invalid credentials > > > and /var/log/httpd/error.log has > ipa: INFO: 401 Unauthorized: Insufficient access: Invalid credential > > What could be broken? This happened while i was trying to generate a keytab > for kinit -kt <file> scripts...
You got a keytab for what? A user, service, other? rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
