Hi Jakub, Apologies for hijacking the thread but you reminded me of a longstanding issue - I can't manually use kinit on my client nodes. As I operate a jump server that means I get a ticket on first login but when i login to other client systems the ticket gives me entry but doesn't follow me. When I try to run kinit for my user the following message is printed:
$ kinit callum kinit: Generic preauthentication failure while getting initial credentials Not a single local log entry is generated. Any ideas? Thanks, On Fri, Jul 14, 2017 at 7:22 AM Jakub Hrozek via FreeIPA-users < firstname.lastname@example.org> wrote: > On Fri, Jul 14, 2017 at 02:02:03AM -0000, patrick.mchale--- via > FreeIPA-users wrote: > > Hi, > > > > I am getting an error logging into a FreeIPA server from a new FreeIPA > client. I have reset the password for the user using "kinit admin" but > still no joy. Is there another password that is needing to be set?. > > > > Jul 14 13:53:41 ipa-client [sssd[krb5_child]]: Password has expired > > Jul 14 13:53:41 ipa-client [sssd[krb5_child]]: Decrypt integrity > check failed > > Jul 14 13:54:40 ipa-client [sssd[krb5_child]]: Password has expired > > Jul 14 13:54:40 ipa-client [sssd[krb5_child]]: Decrypt integrity > check failed > > sssd should have prompted you for the new password.. The "Decrypt > integrity check failed" sounds like the wrong password was entered, > though. > > does kinit $user work? > _______________________________________________ > FreeIPA-users mailing list -- email@example.com > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > -- Callum Guy Head of Information Security X-on -- *0333 332 0000 | www.x-on.co.uk <http://www.x-on.co.uk> | ** <https://www.linkedin.com/company/x-on> <https://www.facebook.com/XonTel> <https://twitter.com/xonuk> * X-on is a trading name of Storacall Technology Ltd a limited company registered in England and Wales. Registered Office : Avaland House, 110 London Road, Apsley, Hemel Hempstead, Herts, HP3 9SD. Company Registration No. 2578478. The information in this e-mail is confidential and for use by the addressee(s) only. If you are not the intended recipient, please notify X-on immediately on +44(0)333 332 0000 and delete the message from your computer. If you are not a named addressee you must not use, disclose, disseminate, distribute, copy, print or reply to this email. Views or opinions expressed by an individual within this email may not necessarily reflect the views of X-on or its associated companies. Although X-on routinely screens for viruses, addressees should scan this email and any attachments for viruses. X-on makes no representation or warranty as to the absence of viruses in this email or any attachments.
_______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org