The keytab is also valid, I just checked:

[root@replica1 ~]# kvno -k /etc/dirsrv/ds.keytab ldap/replica1.example....@example.com
ldap/replica1.example....@example.com: kvno = 2, keytab entry valid

However, the dirsrv user does not seem to have a credentials cache, but that is the case on other replicas too (on the ones that do not have any issues):

[root@replica1 ~]# sudo -u dirsrv kvno -k /etc/dirsrv/ds.keytab ldap/replica1.example....@example.com
kvno: Credentials cache 'KCM:389' not found while getting client principal name

But I suppose that the directory process just looks up the keys in LDAP anyway. However, if that is the case, why does it have issues retrieving it?