azeem via FreeIPA-users wrote:
Hi Rob,
Apologies for the late response. I have set the server time back to 2023-06-23 and when i am running the command - ipa config-show , I am getting :-
ipa config-show ipa: ERROR: Kerberos error: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('KDC returned error string: PROCESS_TGS', -1765328324)/
And when i am doing kinit user , i am getting :- kinit: Generic error (see e-text) while getting initial credentials
The getcert list command shows :- Number of certificates and requests being tracked: 8. Request ID '20160825909273': status: MONITORING ca-error: Error setting up ccache for "host" service on client using default keytab: Generic error (see e-text). stuck: no key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-TEST-DOMAINCOM/pwdfile.txt' certificate: type=NSSDB,location='/etc/dirsrv/slapd-TEST-DOMAIN-COM',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=TEST-DOMAIN-COM subject: CN=test.domain.com,O=TEST-DOMAIN-COM expires: 2023-12-18 15:52:08 UTC principal name: ldap/test.domain.com(a)TEST.DOMAIN.COM key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv TEST.DOMAIN.COM track: yes auto-renew: yes
Please advice.
While back in time you need to restart the IPA services.
rob