The installation guide is incomplete and doesn't explain all necessary steps for the user setup. After create-portal-user is invoked, the user is available but cannot grab a TGT from Kerberos.
# kinit portal
kinit: Generic preauthentication failure while getting initial credentials
# ipa user-find portal
--------------
1 user matched
--------------
User login: portal
First name: Self
Last name: Service
Home directory: /home/portal
Login shell: /bin/sh
Email address: portal@ipa.example
UID: 1507400003
GID: 1507400003
Account disabled: False
Password: False
Kerberos keys available: False
----------------------------
Number of entries returned 1
----------------------------
The create-portal-user script has a commented out section at the end. It shows how to use ipa-getkeytab to acquire a user keytab. This should be added to the docs, too.
The installation guide is incomplete and doesn't explain all necessary steps for the user setup. After create-portal-user is invoked, the user is available but cannot grab a TGT from Kerberos.
The create-portal-user script has a commented out section at the end. It shows how to use ipa-getkeytab to acquire a user keytab. This should be added to the docs, too.