Currently krb5kdc service restart is not implemented in "ipa_server_certinstall.py" code and after installing kdc certificate and trying to get anonymous ticket with "kinit -n" we are getting: kinit: Preauthentication failed while getting initial credentials. After the service restart it works fine. This ticket was opened in order to implement the restart.
kinit: Preauthentication failed while getting initial credentials
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.5.4 - Issue tagged with: easyfix
How to reproduce: 1. ipa-server-install -U -n ipa.test -r IPA.TEST -p Secret123 -a Secret123 --domain-level=1 --setup-dns --forwarder x.x.x.x --auto-reverse --no-pkinit 2. git clone https://github.com/freeipa/freeipa-tools.git 3. cd freeipa-tools && ./makepki.sh 4. pk12util -o ca1-kdc.p12 -d nssdb -n ca1/server-kdc 5. ipa-cacert-manage install -vvv pki/ca1.crt 6. ipa-certupdate 7. ipa-server-certinstall -k ca1-kdc.p12 --pin 1234 8. kinit -n
ipa-server-install -U -n ipa.test -r IPA.TEST -p Secret123 -a Secret123 --domain-level=1 --setup-dns --forwarder x.x.x.x --auto-reverse --no-pkinit
git clone https://github.com/freeipa/freeipa-tools.git
cd freeipa-tools && ./makepki.sh
pk12util -o ca1-kdc.p12 -d nssdb -n ca1/server-kdc
ipa-cacert-manage install -vvv pki/ca1.crt
ipa-certupdate
ipa-server-certinstall -k ca1-kdc.p12 --pin 1234
kinit -n
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5.4)
master:
ipa-4-6:
ipa-4-5:
Metadata Update from @tdudlak: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.