well, I thought I was out of the woods, but I still have some issues. the services are running, but kinit gets me a ticket to nowhere.
"ipa: ERROR: No valid Negotiate header in server response" grant@ef-idm01:~[20240220-14:36][#785]$ klist Ticket cache: KCM:555 Default principal: gr...@production.efilm.com Valid starting Expires Service principal 02/20/2024 14:36:12 02/21/2024 13:51:10 krbtgt/production.efilm....@production.efilm.com grant@ef-idm01:~[20240220-14:36][#786]$ ipa server-find ipa: ERROR: No valid Negotiate header in server response grant@ef-idm01:~[20240220-14:36][#787]$ sudo systemctl status gssproxy.service ● gssproxy.service - GSSAPI Proxy Daemon Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2024-02-20 13:57:40 PST; 39min ago Process: 2158008 ExecStart=/usr/sbin/gssproxy -D (code=exited, status=0/SUCCESS) Main PID: 2158009 (gssproxy) Tasks: 6 (limit: 74714) Memory: 4.2M CGroup: /system.slice/gssproxy.service └─2158009 /usr/sbin/gssproxy -D Feb 20 13:57:40 ef-idm01.production.efilm.com systemd[1]: gssproxy.service: Succeeded. Feb 20 13:57:40 ef-idm01.production.efilm.com systemd[1]: Stopped GSSAPI Proxy Daemon. Feb 20 13:57:40 ef-idm01.production.efilm.com systemd[1]: Starting GSSAPI Proxy Daemon... Feb 20 13:57:40 ef-idm01.production.efilm.com systemd[1]: Started GSSAPI Proxy Daemon. grant@ef-idm01:~[20240220-14:37][#788]$ sudo ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING httpd Service: RUNNING ipa-custodia Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa: INFO: The ipactl command was successful grant@ef-idm01:~[20240220-14:37][#789]$ I looked online for some references and it was suggested I replace the /var/lib/ipa/gssproxy/http.keytab The file looks OKAY to me though. -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue