On Mon, Jan 07, 2013 at 09:56:42AM +0100, Han Boetes wrote: > There was something going on with a firewall blocking something and that > windows host didn't have a cert yet. But still: > > Using Kerberos authentication > Using principal fh@REALM > Got host ticket host/test-server-ipa.domain@REALM > Using username "fh". > Successful Kerberos connection > Last login: Mon Jan 7 07:38:19 2013 from ipa-w7.domain > [fh@test-server-ipa ~]$ klist > klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011) > > klist on the host shows all tickets are forwordable and the forwarding > option in both putty versions is on.
yes, but the other flag is used by Windows to check if the target service can be trusted, see e.g. the 'How do I use delegation?' section on http://support.microsoft.com/kb/266080 . > > Which version of FreeIPA are you using? There are issues in older > > version which prevents kadmin.local from working. > > > > The default stable: > > [root@auth-ipa ssl_for_ipa-w7]# rpm -qa |grep ipa- > ipa-client-2.2.0-16.el6.x86_64 > ipa-pki-ca-theme-9.0.3-7.el6.noarch > ipa-admintools-2.2.0-16.el6.x86_64 > ipa-server-selinux-2.2.0-16.el6.x86_64 > ipa-server-2.2.0-16.el6.x86_64 > ipa-pki-common-theme-9.0.3-7.el6.noarch > ipa-python-2.2.0-16.el6.x86_64 > I'll set up a server and check why kadmin.local is not working. bye, Sumit _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users