FreeIPA, kinit, e-text and ENOSUCH

18 September, 2024

Trying to get a Kerberos ticket for a user on a master? Getting

kinit: Generic error (see e-text) while getting initial credentials

Log shows

ipa1.$domain krb5kdc... AS_REQ ... HANDLE_AUTHDATA: $user@$realm ... No such file or directory

Did you forget to add SIDs on upgrade/replica install?

This helped:

ipa config-mod --enable-sid --add-sids