I have the Isilon talking to IPA for LDAP. What I cannot yet do is run the Isilon command to make kerberos work.
=====
tststocoiso-1# kinit admin(a)ODSTEST.VUWTEST.AC.NZ
Password for admin(a)ODSTEST.VUWTEST.AC.NZ:
tststocoiso-1# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin(a)ODSTEST.VUWTEST.AC.NZ
Valid starting Expires Service principal
11/30/21 16:44:56 12/01/21 16:10:10 krbtgt/ODSTEST.VUWTEST.AC.NZ(a)ODSTEST.VUWTEST.AC.NZ
tststocoiso-1# isi auth krb5 spn fix --provider-name=ODSTEST.VUWTEST.AC.NZ --user=admin
password:
Attempting to add missing SPNs:
HTTP/tststocoisnfs01.odstest.vuwtest.ac.nz(a)ODSTEST.VUWTEST.AC.NZ
hdfs/tststocoisnfs01.odstest.vuwtest.ac.nz(a)ODSTEST.VUWTEST.AC.NZ
host/tststocoisnfs01.odstest.vuwtest.ac.nz(a)ODSTEST.VUWTEST.AC.NZ
nfs/tststocoisnfs01.odstest.vuwtest.ac.nz(a)ODSTEST.VUWTEST.AC.NZ
Failed to join realm: (LW_ERROR_KADM5_AUTH_ADD) Operation requires ``add'' privilege
tststocoiso-1#
====
What is the add privilege? how do I grant it to admin?
TY.