Home > Generic Error > Generic Error (see E-text)

Generic Error (see E-text)

Contents

I also see under 6.5.1 point 6 that there is a ipa-getkeytab command but as per NFS is that run on the server that is providing the service? It seems like the same issue as #320. it does need "service pki-cad restart" but the setup tool does not run that. Not a good idea. Source

Generate the nfs service keytab, there are two methods, i) On the NFS server, with this command "etc etc" ii) On a different machine do a)....b)...c)...d) The distinction is really "whether Or immediately after a FreeIPA orkrb5kdc upgrade ?Can you give a little more context around this ?Also could you ldapsearch this user entry before you change yourpassword using 'cn=Directory Manager' as Or immediately after a FreeIPA orkrb5kdc upgrade ?Can you give a little more context around this ?Issue Solved!I worked out that my LDAP Browser was changing the attribtues of "krbPrincipalKey" entry It seem like the only option to quickly recover access to your user. > Is it a bug? https://www.redhat.com/archives/freeipa-users/2012-February/msg00157.html

Ssh Generic Error (see E-text)

For example, if jruser is a Kerberos administrator, then in addition to the normal jruser principal, a jruser/admin principal should be created. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # Did you do anything special with this user ?

Yup, I agree. However, if you lose the password and /etc/krb5kdc/stash, you cannot decrypt your Kerberos database. Did you do anything special with this user ? Did this happenimmediately after a password change ?

Not a good idea.Have a look at the before and after;krbPrincipalKey:: MIIBnKADAgEBoQMCAQGiAwIBAqMDAgEApIIBhDCCAYAwaKAbMBmgAwIBBKESBBCf338d3SHeIt21wwMeLtrDoUkwR6ADAgESoUAEPiAAltpeSUgnisk9RLvsAXZISub9cfbfJ/SnxMWlrhrS0fUKaQYGXPXwwwslXgZ30xWfeAlLI9DztmKeqzUbMFigGzAZoAMCAQShEgQQze9p5zpXYuYLOyWIljg0jaE5MDegAwIBEaEwBC4QAPa4TpZbsA1tSoUl1LMG+IljQusO8zpTD7UqNWIdrvYJI8Cq6rALd/jzMJKgMGCgGzAZoAMCAQShEgQQh3To4HjujECOGDHyhaoFiqFBMD+gAwIBEKE4BDYYAO4F0DyDLow0cColhjsykUzH750CBFsaZfIEX1o2iPMCWlLYtRmauoW3OhejrRESemC+sGUwWKAbMBmgAwIBBKESBBDF9qB45XTzfez5BfecBC/EoTkwN6ADAgEXoTAELhAAc9mgsgQnmXxXqlwrLcC9U7uGePdu95xCQcW9lvRyW77rTpev6Lk4E7sXYKE=krbPrincipalKey:: MO+/vQHvv73vv70DAgEB77+9AwIBAe+/vQMCAQLvv70DAgE=---Thanks a lot for getting back to us with the cause.Glad it wasn't our fault :-)Simo.--Simo Sorce * Red Kerberos Generic Error See E Text v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] COINCOIN.EU = { Or immediately after a FreeIPA orkrb5kdc upgrade ?Can you give a little more context around this ?Also could you ldapsearch this user entry before you change yourpassword using 'cn=Directory Manager' as https://www.redhat.com/archives/freeipa-users/2012-February/msg00177.html I had a look at this: http://www.freeipa.org/page/Audit_Design_Overview I see that are mentioned watchers on directories for alerting on file alterations.

the order here appears to be backwards. Is it a bug? Kerberos (last edited 2011-09-27 23:23:40 by pilou) MoinMoin PoweredPython PoweredGPL licensedValid HTML 4.01 Search: OpenID LoginFedora Account Sign UpPreferencesHelp/GuideAbout TracRPC APICGit WikiTimelineRoadmapBrowse SourceView TicketsSearch Context Navigation ← Previous TicketNext Ticket → Please let me know if you have any additional information I can provide.

Kerberos Generic Error See E Text

Did this happenimmediately after a password change ? http://freeipa-users.redhat.narkive.com/zjlnbl0W/kinit-generic-error-see-e-text-while-getting-initial-credentials Did you do anything special with this user ? Ssh Generic Error (see E-text) Tests kdc:~# kinit lilou Password for [email protected]: kdc:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 02/20/11 03:07:54 02/20/11 13:07:54 krbtgt/[email protected] renew until 02/21/11 03:07:51 Kerberos 4 Did you do anything special with this user ?

He tried John's patch from ticket 682 but that didn't resolve the issue for him. http://glitchtest.org/generic-error/generic-error-gdi.html looks like it should be configure -> restart -> status. for your b) You say "Copy over to the NFS host machine" where earlier you said NFS server, you repeat this in d) for consistency it should be "server" it certainly After installing libpam-krb5, you can use pam-auth-update command in order to handle PAM & kerberos configuration. /etc/krb5.conf [libdefaults] default_realm = COINCOIN.EU # The following krb5.conf variables are only for MIT Kerberos.

Or immediately after a FreeIPA or > >krb5kdc upgrade ? > >Can you give a little more context around this ? Did this happenimmediately after a password change ? I want to see if thekey blob at least looks normal (do not worry about your password, thekey material is itself encrypted).Post by Craig TAnyone else seen this error?Haven't seen any http://glitchtest.org/generic-error/generic-error.html I think this is trying to say "if your NFS server is a Linux machine you can directly update /etc/krb5.keytab with these keys and be done with it." Perhaps a little

You should try to remember this password, but it is much more important that it be a strong password than that it be remembered. Doing so is documented in the administration guide. ipa-getkeytab can be run anywhere for any service.

Or immediately after a FreeIPA or > > >krb5kdc upgrade ? > > >Can you give a little more context around this ? > Issue Solved! > I worked out that

Kerberos admin principals usually belong to a single user and end in /admin. Don't forget to set up DNS information so your clients can find your KDC and admin servers. BASE dc=coincoin,dc=eu URI ldap://ldap.coincoin.eu schema Install LDAP plugin for the Kerberos key server, include kerberos schema in schema used by slapd aptitude install krb5-kdc-ldap gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz > /etc/ldap/schema/kerberos.schema echo "include comment:7 Changed 6 years ago by rcritten I'd suggest looking at /var/log/krb5kdc.log to see if there are any error messages.

I want to see if thekey blob at least looks normal (do not worry about your password, thekey material is itself encrypted).It might also be handy to see who last updated Or immediately after a FreeIPA or krb5kdc upgrade ? Did you implement the workaround described in the release notes (linking jar files)? Check This Out I tested that wrapping the dynamic-db element provided by bind-sdb could be wrapped by a "view 'test'" scope and it works fine, so it seems that it could be hacked together

I worked out that my LDAP Browser was changing the attribtues of "krbPrincipalKey" entry just be simply clicking on the attribute entry!! Glad it wasn't our fault :-) Simo. -- Simo Sorce * Red Hat, Inc * New York References: [Freeipa-users] kinit: Generic error (see e-text) while getting initial credentials From: Craig T Recent Msgs:fedora-users/2016-11/msg00550.htmllinux-kernel/2016-11/msg00134.htmlubuntu-bugs/2016-11/msg11237.htmlgeneral/2016-11/msg28026.htmlgeneral/2016-11/msg28185.htmlkde-freebsd/2016-11/msg00339.htmlcore-libs-dev/2016-11/msg00438.htmlfedora-virt-maint/2016-11/msg00826.htmlmongodb-user/2016-11/msg00311.htmlbug-binutils-gnu/2016-11/msg00233.html Latest News Stories: Linux 4.0 Kernel Released Google Lets SMTP Certificate Expire Open Crypto Audit Passes TrueCrypt CIA 'tried to crack security of Apple devices' Xen Security Bug: Amazon, kinit -V craig Using default cache: /tmp/krb5cc_0 Using principal: craig EXAMPLE COM kinit: Generic error (see e-text) while getting initial credentials Server Side Error: (File: /var/log/krb5kdc.log) Feb 13 10:36:04 sysvm-ipa krb5kdc[5590](info):

Glad it wasn't our fault :-) Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users Thread at a glance: Previous Message by Date: Marco _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users

Home | News | Sitemap | FAQ | advertise | OSDir is an Inevitable website. Issue Solved! Did this happenimmediately after a password change ?

Thanks, Brian _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users Previous Message by Thread: Re: [Freeipa-users] kinit: Generic error (see e-text) while getting initial credentials (SOLVED) On Tue, Feb 14, 2012 at 04:54:51PM Visit the FreeIPA project wiki at http://www.freeipa.org/ I want to see if thekey blob at least looks normal (do not worry about your password, thekey material is itself encrypted).It might also be handy to see who last updated Not a good idea. > > Have a look at the before and after; > BEFORE: > krbPrincipalKey:: MIIBnKADAgEBoQMCAQGiAwIBAqMDAgEApIIBhDCCAYAwaKAbMBmgAwIBBK > ESBBCf338d3SHeIt21wwMeLtrDoUkwR6ADAgESoUAEPiAAltpeSUgnisk9RLvsAXZISub9cfbfJ > /SnxMWlrhrS0fUKaQYGXPXwwwslXgZ30xWfeAlLI9DztmKeqzUbMFigGzAZoAMCAQShEgQQze9p > 5zpXYuYLOyWIljg0jaE5MDegAwIBEaEwBC4QAPa4TpZbsA1tSoUl1LMG+IljQusO8zpTD7UqNWI > drvYJI8Cq6rALd/jzMJKgMGCgGzAZoAMCAQShEgQQh3To4HjujECOGDHyhaoFiqFBMD+gAwIBEK > E4BDYYAO4F0DyDLow0cColhjsykUzH750CBFsaZfIEX1o2iPMCWlLYtRmauoW3OhejrRESemC+s > GUwWKAbMBmgAwIBBKESBBDF9qB45XTzfez5BfecBC/EoTkwN6ADAgEXoTAELhAAc9mgsgQnmXxX

Did you do anything special with this user ? Then, this principal can be added to /etc/krb5kdc/kadm5.acl so that you can use the kadmin program on other computers. Simo, -- Simo Sorce * Red Hat, Inc * New York Follow-Ups: Re: [Freeipa-users] kinit: Generic error (see e-text) while getting initial credentials From: Rob Crittenden References: [Freeipa-users] kinit: Generic error [Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] [Freeipa-users] kinit: Generic error (see e-text) while getting initial credentials From: Craig T To:

Add: dns_lookup_realm = false dns_lookup_kdc = true to [libdefaults] . I want to see if the key blob at least looks normal (do not worry about your password, the key material is itself encrypted). > Anyone else seen this error?