#4421 host-mod command prevents creating Kerberos principal aliases
Closed: Fixed None Opened 9 years ago by abbra.

# ipa host-mod `hostname` --addattr krbcanonicalname=host/`hostname`@T.VDA.LI --addattr 'krbprincipalname=IPA-01$@T.VDA.LI'
ipa: ERROR: krbprincipalname: Only one value allowed.

krbPrincipalName is a multi-valued attribute; if multiple values are present, the krbCanonicalName attribute must be present and it should contain the canonical version of the principal name.

This is a critical issue for trusts going forward for file sharing, as by default AD attempts to use the NetBIOS name as a principal (IPA-01$@REALM, for example).
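
The rule in the description above (several krbPrincipalName values require a krbCanonicalName) can be checked against an LDIF export of host entries. The following is an added example, not part of the original ticket and not FreeIPA code; the sample LDIF, realm and host names are constructed, and the second check (the canonical name being one of the krbPrincipalName values, compared as exact strings) is an assumption.

```python
import base64

# Constructed sample (not from the ticket): placeholder realm and hosts.
SAMPLE_LDIF = """\
dn: fqdn=ipa-01.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbPrincipalName: host/ipa-01.example.test@EXAMPLE.TEST
krbPrincipalName: IPA-01$@EXAMPLE.TEST
krbCanonicalName: host/ipa-01.example.test@EXAMPLE.TEST

dn: fqdn=ipa-02.example.test,cn=computers,cn=accounts,dc=example,dc=test
krbPrincipalName: host/ipa-02.example.test@EXAMPLE.TEST
krbPrincipalName:: SVBBLTAyJEBFWEFNUExFLlRFU1Q=
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
            continue
        if line.startswith("#"):            # ldapsearch comment lines
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(entries):
    findings = []                           # (dn, problem) pairs
    for e in entries:
        names = e.get("krbprincipalname", [])
        canon = e.get("krbcanonicalname", [])
        dn = e.get("dn", ["?"])[0]
        if len(names) > 1 and not canon:
            findings.append((dn, "multiple krbPrincipalName values, no krbCanonicalName"))
        elif canon and canon[0] not in names:
            # Assumption, not stated in the ticket: the canonical name is one of the values.
            findings.append((dn, "krbCanonicalName is not one of the krbPrincipalName values"))
    return findings
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` reports only the second sample host, whose alias was added without a canonical name.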


This should be fixed together with #3864 - it is too late for both changes in 4.1, thus moving to the next milestone.

During processing of the remaining tickets in the 4.2 Backlog, this ticket was found suitable to be fixed in the nearest bugfixing branch - which is 4.2.x.

FreeIPA 4.2.1 was released, moving to 4.2.x.

A way to add host principal aliases was added as a part of e6ff83e.

Closing the ticket since this is a more preferable and user-friendly way than using *-mod commands.

Metadata Update from @abbra:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.4

7 years ago
