Dale Macartney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 25/06/12 19:53, Rob Crittenden wrote:
Dale Macartney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all
I have a RHEL 6.2 ipa domain and I am running through one of my known
working kickstarts for kerberised squid but instead of using RHEL i'm
setting it up on Fedora 17.
I get the following error on the fedora system which has
freeipa-admintools installed
[root@proxy02 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ad...@example.com
Valid starting Expires Service principal
06/25/12 20:34:33 06/26/12 20:34:31 krbtgt/example....@example.com
[root@proxy02 ~]# ipa service-add HTTP/$(hostname)
ipa: ERROR: did not receive Kerberos credentials
[root@proxy02 ~]# ipa service-add HTTP/proxy02.example.com
ipa: ERROR: did not receive Kerberos credentials
[root@proxy02 ~]#
Nothing appears in the logs apart from
==> /var/log/messages<==
Jun 25 20:35:34 proxy02 pcscd[25567]: 35998884
winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
Jun 25 20:35:34 proxy02 pcscd[25567]: 00001428
winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
Jun 25 20:35:34 proxy02 pcscd[25567]: 00001013
winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
Jun 25 20:35:34 proxy02 pcscd[25567]: 00001230
winscard.c:241:SCardConnect() Reader E-Gate 0 0 Not Found
Any ideas?
This doesn't block me from what I am trying to achieve as I can add the
service principle from the IPA server. Just thought I might ask the
question.
What version of client and server?
rob
Server details
[root@ds01 ~]# yum info ipa-server
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Installed Packages
Name : ipa-server
Arch : x86_64
Version : 2.1.3
Release : 9.el6
Size : 3.2 M
Repo : installed
- From repo : Red Hat Enterprise Linux
Summary : The IPA authentication server
URL : http://www.freeipa.org/
License : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If you are installing an IPA
server you need
: to install this package (in other words, most people
should NOT install
: this package).
Client details
[root@proxy02 ~]# yum info freeipa-client
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name : freeipa-client
Arch : x86_64
Version : 2.2.0
Release : 1.fc17
Size : 239 k
Repo : installed
- From repo : fedora
Summary : IPA authentication for use on clients
URL : http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). If your network uses IPA for
authentication,
: this package should be installed on every client machine.
[root@proxy02 ~]# yum info freeipa-admintools
Loaded plugins: langpacks, presto, refresh-packagekit
Installed Packages
Name : freeipa-admintools
Arch : x86_64
Version : 2.2.0
Release : 1.fc17
Size : 43 k
Repo : installed
- From repo : fedora
Summary : IPA administrative tools
URL : http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally managed
Identity (machine,
: user, virtual machines, groups, authentication
credentials), Policy
: (configuration settings, access control information) and
Audit (events,
: logs, analysis thereof). This package provides
command-line tools for
: IPA administrators.
[root@proxy02 ~]#
Use the --delegate flag in the ipa tool. The 2.2 servers use S4U2Proxy
so sending the TGT is no longer required as it was pre 2.2.
# ipa --delegate service-add HTTP/$(hostname)
rob
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users