On Fri, 10 Nov 2017, Harald Dunkel via FreeIPA-users wrote:
> Hi folks,
>
> maybe I missed something, but shouldn't admin have sufficient
> privileges to run
>
> # ipa-client-install --hostname stretch1.vs.example.de --no-ssh --no-sshd --no-nisdomain --no-sudo --no-ntp --no-dns-sshfp
> # reboot
> :
> :
> # kinit admin
> # ipa-getkeytab -s ipa1.example.de -p HTTP/stretch1.vs.example.de -k /etc/apache2/apache2.keytab
>
> ?
>
> ipa-getkeytab failed with
>
> Failed to parse result: PrincipalName not found.
>
> I would have expected it to create the principal on the fly.

ipa-getkeytab does not create a principal. It creates a key for an existing
principal.

> "admin" was created at freeipa install time on the first server,
> AFAIR. It is a member of the "admins" and "trust admins" groups.

admin is one of the very few objects we pre-create. Everything else you have
to create yourself.

> I am concerned that I corrupted something. Every helpful comment
> is highly appreciated.

It is good that nothing unexpected is created in the database on its
own. ;)
--
/ Alexander Bokovoy
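
The order of operations described in the reply above, as an added example that is not part of the original thread or FreeIPA's own code: create the service principal if it is missing, then request its keytab. The function name and the overridable `IPA` / `IPA_GETKEYTAB` variables are assumptions of this sketch; it expects an enrolled host and a valid admin ticket (`kinit admin`).

```shell
#!/bin/sh
# Added example: make sure the service principal exists before asking for its keytab.
# IPA and IPA_GETKEYTAB name the commands to run; overriding them is an
# assumption of this sketch so the logic can be exercised without an IPA server.
IPA="${IPA:-ipa}"
IPA_GETKEYTAB="${IPA_GETKEYTAB:-ipa-getkeytab}"

# ensure_service_keytab SERVER PRINCIPAL KEYTAB
ensure_service_keytab() {
    server=$1
    principal=$2
    keytab=$3

    # A service principal has the form SERVICE/fqdn; reject anything else early.
    case $principal in
        */*.*) ;;
        *) echo "not a service principal: $principal" >&2; return 2 ;;
    esac

    # ipa-getkeytab generates new keys on every run, which invalidates keytabs
    # issued earlier for the same principal, so leave an existing file alone.
    if [ -s "$keytab" ]; then
        echo "keytab already present, not re-keying: $keytab" >&2
        return 0
    fi

    # ipa-getkeytab only keys principals that already exist: add the entry first.
    if ! $IPA service-show "$principal" >/dev/null 2>&1; then
        $IPA service-add "$principal" >/dev/null || return 1
    fi

    # Create the file with a tight umask so the keys are never world-readable.
    ( umask 077; $IPA_GETKEYTAB -s "$server" -p "$principal" -k "$keytab" ) || return 1
    chmod 600 "$keytab"
    # Afterwards, chown the file to the account the web server runs as.
}

# Usage with the values from the thread:
# ensure_service_keytab ipa1.example.de HTTP/stretch1.vs.example.de /etc/apache2/apache2.keytab
```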