Open YoungCree opened 3 years ago
Hello.
Please double check, that you properly follow the installation steps:
# Get keytab
ipa-getkeytab -p ldap-passwd-reset -k /opt/data/IPAPasswordReset/ldap-passwd-reset.keytab
# And change files owner
chown -R ldap-passwd-reset:ldap-passwd-reset /opt/data/IPAPasswordReset
I generated the keytab using that method, and the password reset user has access to the entire directory, any other ideas?
Hey there, I'm having troubles with the kerberos ticket portion of the setup. When clicking on "Reset Password" I get "Cannot retrieve kerberos ticket". I'm able to grab a keytab and store it in /opt/data/IPAPasswordReset/passwordreset.keytab and I'm pointing to that in the settings.py ../passwordreset.keytab I'm also able to run the command kinit -kt /opt/data/IPAPasswordReset/passwordreset.keytab passwordreset without any issues. Running klist -A I get the following: Ticket cache: KCM:0:4774 Default principal: passwordreset@DOMAIN
Valid starting Expires Service principal 09/14/2020 09:53:36 09/15/2020 09:53:36 krbtgt/DOMAIN@DOMAIN 09/14/2020 10:02:55 09/15/2020 09:53:36 HTTP/server@DOMAIN
Ticket cache: KCM:0 Default principal: admin@DOMAIN
Valid starting Expires Service principal 09/10/2020 12:05:50 09/11/2020 12:05:47 krbtgt/DOMAIN@DOMAIN 09/10/2020 12:05:55 09/11/2020 12:05:47 cifs/SERVER@DOMAIN
Ticket cache: KCM:0:72320 Default principal: cifs/server@DOMAIN
Valid starting Expires Service principal 09/10/2020 12:07:04 09/11/2020 12:07:04 krbtgt/DOMAIN@DOMAIN
Do you know what's going on? Thanks in advance for the help!