I have added the freeipa-users list to this thread as well.
On Wed, Mar 11, 2020 at 6:31 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Faraz Younus wrote:
> Thanks, pasted the text instead of screenshots.
This will work. Can you post this to the freeipa-users list?
rob
>
> First it failed, then it was successful, but after that LDAP is broken.
>
> ipalib.install.certmonger: DEBUG: certmonger request is in state
> dbus.String(u'CA_UNREACHABLE', variant_level=1)
>
> ipapython.admintool: DEBUG: File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in
> execute
>
> return_value = self.run()
>
> File
> "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py",
> line 62, in run
>
> run_with_args(api)
>
> File
> "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py",
> line 112, in run_with_args
>
> update_server(certs)
>
> File
> "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py",
> line 192, in update_server
>
> "please check the request manually" % request_id)
>
>
> ipapython.admintool: DEBUG: The ipa-certupdate command failed,
> exception: ScriptError: Error resubmitting certmonger request
> '20200311065837', please check the request manually
>
> ipapython.admintool: ERROR: Error resubmitting certmonger request
> '20200311065837', please check the request manually
>
> ipapython.admintool: ERROR: The ipa-certupdate command failed.
>
> [root@sg ansible]# kinit admin
>
> Password for admin@FIXEDANDMOBILE.COM:
>
>
> [root@sg ansible]# klist -kt /etc/krb5.keytab
>
> Keytab name: FILE:/etc/krb5.keytab
>
> KVNO Timestamp Principal
>
> ---- ----------------- --------------------------------------------------------
>
> 3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM
>
> 3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM
>
> [root@sg ansible]# ipa-certupdate -v
>
> ipapython.admintool: DEBUG: Not logging to a file
>
> ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.remote_plugins.schema$79e69edd...
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.remote_plugins.schema$79e69edd.plugins
>
> ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins...
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certprofile
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbacrule
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbactest
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.idrange
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.internal
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.location
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.migration
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken_yubikey
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.permission
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.rpcclient
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.service
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.sudorule
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.topology
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault
>
> ipalib.rpc: DEBUG: failed to find session_cookie in persistent storage
> for principal 'admin@FIXEDANDMOBILE.COM'
>
> ipalib.rpc: INFO: trying https://sg.fixedandmobile.com/ipa/json
>
> ipalib.rpc: DEBUG: New HTTP connection (sg.fixedandmobile.com)
>
> ipalib.rpc: DEBUG: received Set-Cookie (<type
>
'list'>)'['ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;path=/ipa;httponly;secure;']'
>
> ipalib.rpc: DEBUG: storing cookie
>
'ipa_session=MagBearerToken=a5woxNPqwGkbOIbov2siCoVxMmHwiE4IDTv1Q14Cyvb4h2a3Xy9PoQnQfe%2fWUvLCppJSxeVB9Q4kiQMeaWwhrwyjUfdmf%2bzjVmujGelpW%2b1FFY1ErOXKfR%2bSHWBaZUC2DSFxBDZ8xYS237VtX%2f0OkZrBMlUJc2mvioG5vkeKKvmoeBoIjFztlxlTHRh80vvfnRejxZUkvJkzmYuKJT39rw%3d%3d;'
> for principal admin@FIXEDANDMOBILE.COM
>
> ipalib.backend: DEBUG: Created connection context.rpcclient_139702145432656
>
> ipalib.install.kinit: DEBUG: Initializing principal
> host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM using keytab
> /etc/krb5.keytab
>
> ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-v__2gr/ccache
>
> ipalib.install.kinit: DEBUG: Attempt 1/1: success
>
> ipalib.frontend: DEBUG: raw: ca_is_enabled(version=u'2.107')
>
> ipalib.frontend: DEBUG: ca_is_enabled(version=u'2.107')
>
> ipalib.rpc: INFO: [try 1]: Forwarding 'ca_is_enabled/1' to json server
> 'https://sg.fixedandmobile.com/ipa/json'
>
> ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com)
>
> ipalib.rpc: DEBUG: received Set-Cookie (<type
>
'list'>)'['ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;path=/ipa;httponly;secure;']'
>
> ipalib.rpc: DEBUG: storing cookie
>
'ipa_session=MagBearerToken=k3UeW0CBhnYQxsMjGQXZlMLMoykL9MpMuAlwz%2bIEzsTnqSJd%2frxLN4adiTkmXRmg%2b%2b2fm75Y0YkLgQUVEG6MgbO03zo%2fulI27VKCdl8y4zhSzZXN5pfXCEf6bTU3OCdGWkLiH11iw41BWSAt2Oz5dSAFrvhHKLyzf%2bZe84BgIaLNkXPPLzs4yVlP7ysBxb1BmOjA9Zy6B6FlJf0rUAKx68RVbLPM5nCWvj7xcl0sYxFamesj%2fvA64frAlJyKuhwSUMfxwTRJQMCpuwjXjBqdZ2GO74447LXf3KUE4Pra4Do%3d;'
> for principal admin@FIXEDANDMOBILE.COM
>
> ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache
> url=ldap://sg.fixedandmobile.com:389
> conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7f0ef07b8c68>
>
> ipalib.frontend: DEBUG: raw: ca_find(None, version=u'2.231')
>
> ipalib.frontend: DEBUG: ca_find(None, version=u'2.231')
>
> ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to json server
> 'https://sg.fixedandmobile.com/ipa/json'
>
> ipalib.rpc: DEBUG: HTTP connection keep-alive (sg.fixedandmobile.com)
>
> ipalib.rpc: DEBUG: received Set-Cookie (<type
>
'list'>)'['ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;path=/ipa;httponly;secure;']'
>
> ipalib.rpc: DEBUG: storing cookie
>
'ipa_session=MagBearerToken=Nz2iaoFY1%2f9u4dZOG4va33r391H7RiJXQG4r6eIu825JBLHn8tuA78JX4dNwXeOcZ9lr0LhBRmHrYnSanDlBjjfB%2bGljqkyTdpif3AkFzbIO7YDPUXCO0aYc5tMlO4BJdr3yCoPvcZi1Qxshf7aEQoYhsswwAx%2batp3%2f8noK8yps4hn%2fZzbfrdzkQRRSNZzbz4bzOFhVbNFIgJMm%2f8KtEpnhyi6Guluq7RRXe0N3RO%2bXuQa1%2fyfBLnSsUzGGpEGxfu28PM6i9os2Ly2tZJpzxjsM%2bmrDY1BfwyxLiTXlCgQ%3d;'
> for principal admin@FIXEDANDMOBILE.COM
>
> ipalib.install.sysrestore: DEBUG: Loading Index file from
> '/var/lib/ipa/sysrestore/sysrestore.index'
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d
> dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n FIXEDANDMOBILE.COM IPA CA
> -t CT,C,C -a -f /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d
> dbm:/etc/dirsrv/slapd-FIXEDANDMOBILE-COM -A -n
> E=support@fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG
> -t C,, -a -f /etc/dirsrv/slapd-FIXEDANDMOBILE-COM/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl is-active
> dirsrv@FIXEDANDMOBILE-COM.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=active
>
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl --system daemon-reload
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl restart
> dirsrv@FIXEDANDMOBILE-COM.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl is-active
> dirsrv@FIXEDANDMOBILE-COM.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=active
>
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: wait_for_open_ports: localhost [389] timeout 300
>
> ipapython.ipautil: DEBUG: waiting for port: 389
>
> ipapython.ipautil: DEBUG: SUCCESS: port: 389
>
> ipaplatform.base.services: DEBUG: Restart of
> dirsrv@FIXEDANDMOBILE-COM.service complete
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias
> -A -n FIXEDANDMOBILE.COM IPA CA -t CT,C,C -a
> -f /etc/httpd/alias/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias
> -A -n
> E=support@fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG
> -t C,, -a -f /etc/httpd/alias/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=active
>
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl restart httpd.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=active
>
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipaplatform.base.services: DEBUG: Restart of httpd.service complete
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
> -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=255
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: IPA CA
>
> : PR_FILE_NOT_FOUND_ERROR: File not found
>
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
> -L -n External CA cert -a -f /etc/ipa/nssdb/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=255
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: External
> CA cert
>
> : PR_FILE_NOT_FOUND_ERROR: File not found
>
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
> -A -n FIXEDANDMOBILE.COM IPA CA -t CT,C,C -a
> -f /etc/ipa/nssdb/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb
> -A -n
> E=support@fixedandmobile.com,CN=sg.fixedandmobile.com,OU=IT,O=Fixed&Mobile,L=Singapore,ST=Singapore,C=SG
> -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
>
> ipapython.ipautil: DEBUG: Starting external process
>
> ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
>
> ipapython.ipautil: DEBUG: Process finished, return code=0
>
> ipapython.ipautil: DEBUG: stdout=
>
> ipapython.ipautil: DEBUG: stderr=
>
> ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
>
> ipalib.backend: DEBUG: Destroyed connection
> context.rpcclient_139702145432656
>
> ipapython.admintool: INFO: The ipa-certupdate command was successful
>
> [root@sg ansible]# ipactl status
>
> *Unknown error when retrieving list of services from LDAP: need more
> than 1 value to unpack*
>
> *[root@sg ansible]# ipactl restart*
>
> *Failed to read data from Directory Service: Unknown error when
> retrieving list of services from LDAP: need more than 1 value to unpack*
>
> *Shutting down*
>
>
> On Wed, Mar 11, 2020 at 5:36 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
>
> Faraz Younus wrote:
> >
> > Kindly approve this email, please
>
> It is nearly 5MB due to the screen shots. Please either reduce their
> size or preferably just copy/paste the text.
>
> rob
>
> >
> > On Wed, Mar 11, 2020 at 12:28 PM Faraz Younus <farazby(a)gmail.com> wrote:
> >
> > I fixed that error; ipaclient is required on the master server. I created
> > a new master with ipaclient.
> >
> > [root@sg ansible]# klist -kt /etc/krb5.keytab
> >
> > Keytab name: FILE:/etc/krb5.keytab
> >
> > KVNO Timestamp Principal
> >
> > ---- ----------------- --------------------------------------------------------
> >
> > 3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM
> >
> > 3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM
> >
> >
> >
> > But now the issue is that when I update the external certificate, it
> > fails the first time and then succeeds; however, it broke LDAP.
> > Screenshots are attached.
> >
> > [root@sg ansible]# ipactl restart
> >
> > Failed to read data from Directory Service: Unknown error when
> > retrieving list of services from LDAP: need more than 1 value to unpack
> >
> > Shutting down
> >
> >
> > Screen Shot 2020-03-11 at 12.22.40 PM.png
> >
> > Screen Shot 2020-03-11 at 12.23.36 PM.png
> >
> > On Tue, Mar 10, 2020 at 7:33 PM Robbie Harwood <rharwood(a)redhat.com> wrote:
> >
> > Faraz Younus <farazby(a)gmail.com> writes:
> >
> > > Yes /tmp is writable for everyone.
> > >
> > > drwxrwxrwt. root root 4.0K tmp
> > >
> > > [root@ipa5 centos]# kinit admin
> > >
> > > Password for admin@FIXEDANDMOBILE.COM:
> > >
> > >
> > > The output for /etc/krb5.keytab
> > >
> > >
> > > [root@ipa5 centos]# klist -kt /etc/krb5.keytab
> > >
> > > Keytab name: FILE:/etc/krb5.keytab
> > >
> > > KVNO Timestamp Principal
> > >
> > > ---- -----------------
> > > --------------------------------------------------------
> >
> > Did you obfuscate this output? Can you not?
> >
> > It should contain an entry for
> > host/ipa5.fixedandmobile.com@FIXEDANDMOBILE.COM . The next question is
> > whether it matches the output of `kvno
> > host/ipa5.fixedandmobile.com@FIXEDANDMOBILE.COM` (kinit first).
> >
> > Thanks,
> > --Robbie
> >
>
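
The keytab check Robbie describes in the quoted message above (the host principal must have an entry in `/etc/krb5.keytab`, and its KVNO must match what `kvno` reports), as an added example that is not part of the original thread. The function names and the sample `klist`/`kvno` output are constructed for illustration; the principal is the one shown in the thread's later keytab listing.

```shell
#!/bin/sh
# Added example (not from the thread): compare the key version number (KVNO)
# stored in a keytab with the KVNO the KDC reports for the same principal.

# Constructed sample of `klist -kt /etc/krb5.keytab` output, modelled on the
# listing quoted in the thread (one line per stored key).
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM
   3 03/11/20 07:15:51 host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM'

# Constructed sample of `kvno <principal>` output (MIT Kerberos format).
SAMPLE_KVNO='host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM: kvno = 3'

# keytab_max_kvno LISTING PRINCIPAL
# Prints the highest KVNO the listing holds for PRINCIPAL, or nothing if the
# keytab has no entry for it (a listing that shows only the header lines).
keytab_max_kvno() {
    printf '%s\n' "$1" | awk -v p="$2" '
        BEGIN { max = -1 }
        $1 ~ /^[0-9]+$/ && $4 == p { if ($1 + 0 > max) max = $1 + 0 }
        END { if (max >= 0) print max }'
}

# kdc_kvno KVNO_OUTPUT PRINCIPAL
# Prints the KVNO from a "principal: kvno = N" line, or nothing if absent.
kdc_kvno() {
    printf '%s\n' "$1" | awk -v p="$2" '
        index($0, p ": kvno = ") == 1 { print $NF; exit }'
}

# check_host_key LISTING KVNO_OUTPUT PRINCIPAL
# Prints: match | missing | unknown | mismatch keytab=N kdc=M
check_host_key() {
    chk_kt=$(keytab_max_kvno "$1" "$3")
    chk_kdc=$(kdc_kvno "$2" "$3")
    if [ -z "$chk_kt" ]; then
        echo missing            # no key for this principal in the keytab
    elif [ -z "$chk_kdc" ]; then
        echo unknown            # kvno gave no answer, e.g. no TGT (kinit first)
    elif [ "$chk_kt" -eq "$chk_kdc" ]; then
        echo match
    else
        # Keytab and KDC hold different key versions for this principal.
        echo "mismatch keytab=$chk_kt kdc=$chk_kdc"
    fi
}

check_host_key "$SAMPLE_KLIST" "$SAMPLE_KVNO" \
    'host/sg.fixedandmobile.com@FIXEDANDMOBILE.COM'

# Live use on an enrolled host, after kinit (REALM is a placeholder):
#   p="host/$(hostname -f)@REALM"
#   check_host_key "$(klist -kt /etc/krb5.keytab)" "$(kvno "$p")" "$p"
```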