On 19.09.17 12:07, Alexander Bokovoy wrote:
On ti, 19 syys 2017, Ronald Wimmer wrote:
> On 2017-09-19 11:53, Alexander Bokovoy wrote:
>> [...]
>> Please spend some time reading the documentation. It is vast and has a
>> lot of answers to questions people keep asking on these lists.
>
> I've already spent some time reading the documentation. Since
> "ipa-getkeytab" worked I was not aware of the fact that
"ipa-getkeytab
> -r" would need:
>
> ipa service-allow-retrieve-keytab HTTP/cluster.idm.example.com
--hosts={node01.idm.example.com,node02.idm.example.com}
That's why I gave you these links as you have obviously didn't read
them.
Glad that it works now.
As we ran into this problem again it should be mentioned that restarting
gssproxy.service can be necessary.
In our case Apache was looking for a KVNO 1 whereas the actual file did
already have version number 4.
Cheers,
Ronald