Yep, "ipa user-add-principal bretw@DAMASCUSGRP.COM" did the trick. I'll
run through the rest next. Thanks for the help, Rob & Alexander.

On 05/07/2018 10:07 AM, Rob Crittenden wrote:
Bret Wortman via FreeIPA-users wrote:
> I can show a migrated entry, certainly. I'll use my own.
>
> First, the log shows these entries when I try to generate or set a
> password:
>
> [datetime] - ERR - ipapwd_encrypt_encode_key - [file_encoding.c, line
> 143]: no krbPrincipalName present in this entry
> [datetime] - ERR - ipapwd_gen_hashes - [file encoding.c, line 234]:
> key encryption/encoding failed
>
> Here's the user entry:
>
> # ipa user-find bretw
> --------------
> 1 user matched
> --------------
> User login: bretw
> First name: Bret
> Last name: Wortman
> Home directory: /nethome/bretw
> Login shell: /bin/bash
> Email address: bret(a)damascusgrp.com
> UID: 10042
> GID: 100
> Account disabled: False
> ----------------------------
> Number of entries returned 1
> ----------------------------
> #
Ok, I was hoping to see the whole LDAP entry. In any case it looks
like when you migrated the users you didn't set krbPrincipalName.
You'll also need to be sure that the users have the krbprincipalaux
objectclass.
rob
>
>
> On 05/04/2018 10:48 AM, Rob Crittenden wrote:
>> Bret Wortman via FreeIPA-users wrote:
>>> I've just finished setting up a new IPA server, planning to use it
>>> and some replicas to replace our existing servers. I did this by
>>> dumping all the data from the old ones using a series of ipa
>>> commands and then used custom parsers to re-create the entries on
>>> the new one (so as not to propagate our lack of CA into the new
>>> servers).
>>>
>>> When I went to set new passwords on all the migrated accounts, I
>>> get this error in the web ui: "IPA Error 4031: EmptyResult no
>>> matching entry found".
>>>
>>> The CLI results in this:
>>>
>>> # ipa user-mod homer --random
>>> ipa: ERROR: Operations error: key encryption/encoding failed
>>>
>>> Any idea what might cause this and how I should fix it?
>>
>> Look in /var/log/dirsrv-YOURINSTANCE/errors for additional logging
>> on this.
>>
>> Looks like it is failing in generating the Kerberos principal key.
>>
>> Any chance you could show a migrated entry?
>>
>> rob
>>
>>>
>>>
>>> --
>>> *Bret Wortman*
>>> Founder, Damascus Products LLC
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>> To unsubscribe send an email to
>>> freeipa-users-leave(a)lists.fedorahosted.org
>>>
>>
>
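
The diagnosis in this thread is that the migrated user entries lack krbPrincipalName and the krbprincipalaux objectclass. As an added example (not from the thread and not FreeIPA's own code), this Python script audits an LDIF export of user entries for both; the sample entries, their DNs and the use of posixAccount to pick out users are assumptions.

```python
# Constructed sample export (not from the thread); DNs and users are assumptions.
SAMPLE_LDIF = """\
dn: uid=bretw,cn=users,cn=accounts,dc=damascusgrp,dc=com
objectClass: posixAccount

dn: uid=complete,cn=users,cn=accounts,dc=damascusgrp,dc=com
objectClass: posixAccount
objectClass: krbPrincipalAux
krbPrincipalName: complete@DAMASCUSGRP.COM

dn: uid=partial,cn=users,cn=accounts,dc=damascusgrp,
 dc=com
objectClass: posixAccount
objectClass: KRBPRINCIPALAUX
"""


def parse_ldif(text):
    """Yield (dn, attrs); unfolds continuation lines, lower-cases attribute names."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.lower(), []).append(value.lstrip(":").strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs


def audit(text):
    """Return {dn: [problems]} for posixAccount entries lacking Kerberos data."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        classes = {v.lower() for v in attrs.get("objectclass", [])}
        if "posixaccount" not in classes:
            continue
        problems = []
        if "krbprincipalaux" not in classes:
            problems.append("missing objectClass krbprincipalaux")
        if not attrs.get("krbprincipalname"):
            problems.append("missing krbPrincipalName")
        if problems:
            findings[dn] = problems
    return findings


if __name__ == "__main__":
    for dn, problems in audit(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(problems))
```

Entries it reports are the ones where setting a password would hit the "no krbPrincipalName present in this entry" error quoted above.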