LDAP Kerberos GUI error

[sangdrax8]

I have setup a test system to try out the Kerberos LDAP integration using FreeIPA server. I have been able to get LDAP configured, and users/groups showing up when testing on the CLI. After getting this working I moved on to working with the Kerberos settings, and I am having issues with what seems like a bug.

After I have created my keytab and exported it from freeipa, I have configured the Kerberos Realms and Kerberos Keytabs with what seems like success. I then go to the LDAP server which was working before, and I do see the Kerberos Realm in the drop down, so I select that. I then find my Principal in the drop down menu and select it as well.

With only those changes to the working LDAP server, I then try and save the configuration, but I get the following error.

 

[sangdrax8]

Sorry, It seems my post posted rather than inserting the error..

I am going to start looking at the config files on the CLI to see if I can find anything, but all the steps up until here seemed to work as expected.

 

[sangdrax8]

Just wanted to post back here in case it helps someone else in the future. From what I can tell this seems to be an issue (or miss understanding on my part) with the LDAP connection expecting a TGT to be in a location, but the server doesn't create this from the host based credentials in the keytab. I have stopped looking into this as I switched over to Scale to do more testing. In scale, with all the same keytabs and settings, and NOT worrying about adding kerbers real/keytab settings to LDAP (just leaving it with a CN and password), I am able to ssh to Scale with my kerberos tickets.

So I was only going down this path because Core 13.1 was failing to let me ssh to it, after configuring keytabs and activating kerberos in ssh. The same setup works in Scale, so I am going to continue my testing from there. However I have other core servers I still maintain and I would be interested if someone does find that core works but additional keytabs or settings must be done.