Hi!
I have found the issue finally, the CA it is not set properly:
Request ID '20250114082209':
status: CA_UNCONFIGURED
ca-error: Error setting up ccache for "host" service on client using
default keytab: Keytab contains no suitable keys for
host/ipa-replica01.test.private@TEST.PRIVATE.
stuck: yes
key pair storage:
type=NSSDB,location='/var/kerberos/krb5kdc',nickname='kdc.crt',token='NSS
Certificate DB'
certificate:
type=NSSDB,location='/var/kerberos/krb5kdc',nickname='kdc.crt'
CA: IPA
issuer:
subject:
expires: unknown
pre-save command:
post-save command:
track: yes
auto-renew: yes
I have executed the klist krb5.keytab command but I think it is correct:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 host/ipa-replica01.test.private@TEST.PRIVATE
1 host/ipa-replica01.test.private@TEST.PRIVATE
I tried everything to make that work even trying to set another CA but it
doesn't work, Any idea why? It shoud apper the CA issuer as the rest of the
masters but it appears in blank these options:
issuer:
subject:
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
