Re: [Freeipa-users] version mismatch while joining a client ?
Hi, You can take the file with F14 intallation DVD. It work for me. You may need to make a script to be able to swap you libcurl file, because when you install the old version, yum doesn't work any more. Regards, Sylvain PANNETRAT Le 01/08/11 00:30, Steven Jones a écrit : Hi, For RHEL6.1 64bit, Can you tell me which "old" libcurl is the right one? I seem to be getting bogged down with RH supportseems the gdowngrade wnet from x86_64 to i686 but still the same subpatch -26I think I want -16? :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ From: Rob Crittenden [rcrit...@redhat.com] Sent: Friday, 29 July 2011 10:17 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? Steven Jones wrote: client install attempt info What version of libcurl do you have installed on the client? I realize you downgraded it, just curious what you ended up with. Can you look on the server and see if there is an exception related to principal not being set? rob regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Friday, 29 July 2011 9:59 a.m. Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? I just downgraded libcurl and curl on rhel6.1 clientstill broken. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] version mismatch while joining a client ?
Hi, For RHEL6.1 64bit, Can you tell me which "old" libcurl is the right one? I seem to be getting bogged down with RH supportseems the gdowngrade wnet from x86_64 to i686 but still the same subpatch -26I think I want -16? :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ From: Rob Crittenden [rcrit...@redhat.com] Sent: Friday, 29 July 2011 10:17 a.m. To: Steven Jones Cc: freeipa-users@redhat.com Subject: Re: [Freeipa-users] version mismatch while joining a client ? Steven Jones wrote: > client install attempt info What version of libcurl do you have installed on the client? I realize you downgraded it, just curious what you ended up with. Can you look on the server and see if there is an exception related to principal not being set? rob > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Steven Jones [steven.jo...@vuw.ac.nz] > Sent: Friday, 29 July 2011 9:59 a.m. > Cc: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] version mismatch while joining a client ? > > I just downgraded libcurl and curl on rhel6.1 clientstill broken. > > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Once Again: Freeipa and Windows 7
Hello I'm trying again to setup a pilot freeipa infrastructure for linux/afs servers and windows clients. So the first (and most hard) task is to join a "windows 7" into freeipa/kerberos. I already read the available documentation and setup my pilot client with the following parameters: ksetup /setdomain SAMPLE.CH ksetup /SetRealm SAMPLE.CH ksetup /AddKdc SAMPLE.CH freeipa.sample.ch ksetup /AddKpasswd SAMPLE.CH freeipa.sample.ch ksetup /SetComputerPassword MYPASSWORDHERE ksetup /MapUser * * Changed the available encryption types for kerberos in secpool.msc under Local Policies/Security Options/Network Security/Network Security: Configure encryption types allowed for Kerberos to: DES_CBC_CRC,DES_CBC_MD5,RC4_HMAC_MD5,AES128_HMAC_SHA1,AES256_HMAC_SHA1, Furter encryption types Created a host principal in the freeipa webinterface and set the OTP to MYPASSWORDHERE. The clock of the windows 7 machine is synced with the ntpd of the freeipa server. When I try to login I get the usual password change request dialog on the windows 7 client and the following krb5log entry: Jul 31 10:39:05 freeipa.sample.ch krb5kdc[6780](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 192.168.1.90: CLIENT KEY EXPIRED: isn-rol...@sample.ch for krbtgt/sample...@sample.ch, Password has expired When try to change the password I get only "The username or password is wrong" with the following krb5log entries: Jul 31 10:39:43 freeipa.sample.ch krb5kdc[6780](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 192.168.1.90: NEEDED_PREAUTH: isn-rol...@sample.ch for kadmin/chang...@sample.ch, Additional pre-authentication required Jul 31 10:39:43 freeipa.sample.ch krb5kdc[6780](info): preauth (timestamp) verify failure: Decrypt integrity check failed Jul 31 10:39:43 freeipa.sample.ch krb5kdc[6780](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 192.168.1.90: PREAUTH_FAILED: isn-rol...@sample.ch for kadmin/chang...@sample.ch, Decrypt integrity check failed Jul 31 10:39:43 freeipa.sample.ch krb5kdc[6780](info): preauth (timestamp) verify failure: Decrypt integrity check failed Jul 31 10:39:43 freeipa.sample.ch krb5kdc[6780](info): AS_REQ (7 etypes {18 17 23 3 1 24 -135}) 192.168.1.90: PREAUTH_FAILED: isn-rol...@sample.ch for kadmin/chang...@sample.ch, Decrypt integrity check failed After long googeling and long investigation, I can't see the issue behind this problems. Does someone has setup a similar environment and give me some advice to get this up and running? Regards Roland ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users