it seems my pastebin link didn't quite come through as expected... he's the link again https://pastebin.com/HW4DcGT0
Erik
On Пят, 06 кас 2023, Erik Ostrom via FreeIPA-users wrote:
it seems my pastebin link didn't quite come through as expected... he's the link again https://pastebin.com/HW4DcGT0
This error:
(2023-10-05 15:13:36): [krb5_child[325764]] [get_and_save_tgt] (0x0020): [RID#527] 2009: [-1765328377][Error constructing AP-REQ armor: Server krbtgt/ad.contoso.local@ipa.subdomain.contoso.local not found in Kerberos database]
says that SSSD attempted to validate a received Kerberos ticket using host/.... service principal keytab on the host and failed to do so. This typically happens when FAST use is enforced on AD side and we only have a one-way trust to that AD forest.
See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm... for more details.
freeipa-users@lists.fedorahosted.org