On 18/02/2020 10.53, Djan D via FreeIPA-users wrote:
HI
Installed a fresh IPA server on CentOS 6 and all services are up and
running. While trying to create database for the first-time, i am facing
following error.
* # /usr/sbin/kdb5_util create -r
TESTLAB.ORG <
http://TESTLAB.ORG> -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm '*
TESTLAB.ORG <
http://TESTLAB.ORG> *';,
master key name 'K/M@*
TESTLAB.ORG <
http://TESTLAB.ORG> *'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
*
*kdb5_util: Kerberos database constraints violated while adding entries
to the database *
Facing the same error while trying to create a principal:
# kadmin.local -q "add_principal -randkey reader@
TESTLAB.ORG
<
http://TESTLAB.ORG> "
Authenticating as principal admin/admin@
TESTLAB.ORG
<
http://TESTLAB.ORG> with password.
WARNING: no policy specified for reader@
TESTLAB.ORG
<
http://TESTLAB.ORG> ; defaulting to no policy
add_principal: Kerberos database constraints violated while creating
"reader@
TESTLAB.ORG <
http://TESTLAB.ORG> ".
Can anyone point to me the exact reason for the error ?
IPA server creates and
manages the KRB5 database for you. You must not
use any low-level Kerberos tools to interact with the database directly.
In order to create a user in IPA, you have to use the command line tools
or the web interface.
$ kinit admin
$ ipa user-add reader
Christian
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH,
http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Laurie Krebs, Michael O'Neill,
Thomas Savage