It appears I have resolved my certificate expiration
issue<https://lists.fedorahosted.org/archives/list/freeipa-users@lists...
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
But I have a another issue
grant@ef-idm01:~[20240229-10:11][#772]$ klist
Ticket cache: KCM:555
Default principal: grant@PRODUCTION.EFILM.COM<mailto:grant@PRODUCTION.EFILM.COM>
Valid starting Expires Service principal
02/29/2024 10:11:56 03/01/2024 09:42:34
krbtgt/PRODUCTION.EFILM.COM@PRODUCTION.EFILM.COM<mailto:krbtgt/PRODUCTION.EFILM.COM@PRODUCTION.EFILM.COM>
grant@ef-idm01:~[20240229-10:12][#773]$ ipa user-find roland
ipa: ERROR: No valid Negotiate header in server response
grant@ef-idm01:~[20240229-10:12][#774]$ ipa server-find
ipa: ERROR: No valid Negotiate header in server response
grant@ef-idm01:~[20240229-10:18][#775]$ sudo systemctl status gssproxy.service
[sudo] password for grant:
● gssproxy.service - GSSAPI Proxy Daemon
Loaded: loaded (/usr/lib/systemd/system/gssproxy.service; disabled; vendor preset:
disabled)
Active: active (running) since Tue 2024-02-20 13:57:40 PST; 1 weeks 1 days ago
Process: 2158008 ExecStart=/usr/sbin/gssproxy -D (code=exited, status=0/SUCCESS)
Main PID: 2158009 (gssproxy)
Tasks: 6 (limit: 74714)
Memory: 10.5M
CGroup: /system.slice/gssproxy.service
└─2158009 /usr/sbin/gssproxy -D
Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com>
systemd[1]: gssproxy.service: Succeeded.
Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com>
systemd[1]: Stopped GSSAPI Proxy Daemon.
Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com>
systemd[1]: Starting GSSAPI Proxy Daemon...
Feb 20 13:57:40 ef-idm01.production.efilm.com<http://ef-idm01.production.efilm.com>
systemd[1]: Started GSSAPI Proxy Daemon.
grant@ef-idm01:~[20240229-10:18][#776]$
I searched online for some references and it was suggested I generate the
/var/lib/ipa/gssproxy/http.keytab
The keytab file appears OKAY to me though.
I would like to get this issue behind me
thanx
- grant