Scott Reed via FreeIPA-users wrote:
Hi all,
So, I have been working on creating certificates for services on a solid installation of
FreeIPA on a machine we have.
I did everything that this blog stated to do...
https://blog.christophersmart.com/2014/08/24/creating-certs-and-keys-for-...
But now when I enter the command, sudo ipa-getcert list.
The status is CA_UNCONFIGURED, ca-error is "Error setting up ccache for
"host" service on client using default keytab: Preauthentication failed.",
stuck is yes.
I checked the krb5.keytab it's set to -rw------- and root:root.
I'm not sure what else I can do to address the problem. Any help would be
appreciated.
Is this an enrolled IPA client?
If so, what version of IPA is this, on what distribution and what
commands have you run?
Does the keytab work? # kinit -kt /etc/krb5.keytab
rob