Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 982291
Description of problem: I'm seeing ipa-adtrust-install fail in RHEL7 unless I set KRB5CCNAME variable like in bug #904720 for Fedora 18. [root@rhel7-1 ~]# klist Ticket cache: DIR::/run/user/0/krb5cc/tktezfUZl Default principal: admin@TESTRELM.COM Valid starting Expires Service principal 07/03/2013 14:35:30 07/04/2013 14:35:30 krbtgt/TESTRELM.COM@TESTRELM.COM [root@rhel7-1 ~]# echo $KRB5CCNAME [root@rhel7-1 ~]# ipa-adtrust-install --netbios-name=NBEXAMPLE -a PASSWORD -U The log file for this installation can be found in /var/log/ipaserver-install.log ============================================================================== This program will setup components needed to establish trust to AD domains for the IPA Server. This includes: * Configure Samba * Add trust related objects to IPA LDAP server To accept the default shown in brackets, press the Enter key. Outdated Kerberos credentials. Use kdestroy and kinit to update your ticket Version-Release number of selected component (if applicable): ipa-server-3.2.1-1.el7.x86_64 How reproducible: always Steps to Reproduce: 1. Setup IPA server 2. ipa-adtrust-install --netbios-name=NBEXAMPLE -a PASSWORD -U 3. Actual results: Fails with outdated credentials error listed above. Expected results: Works without error. Additional info: Setting KRB5CCNAME as described in similar bug works around the isssue. export KRB5CCNAME=/tmp/krb5cc_$(id -u)
This is a problem in krb5 component, it should be fixed in krb5-1.11.3-4.
krb5-1.11.3-4
Metadata Update from @rcritten: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.