Detlev Habicht via FreeIPA-users <freeipa-users@lists.fedorahosted.org> writes:
> Hi,
>
> i have maybe an IPA server which is a little bit broken (My NFS
> services don’t work, i can’t mount - the rest is working.).
>
> I see this messages:
>
> ipa-client-install:
> Kerberos authentication failed: Major (851968): Unspecified GSS failure.
> Minor code may provide more information, Minor (2529638936):
> Preauthentication failed
> Installation failed. Force set so not rolling back changes.
>
> krb5kdc.log:
>
> Aug 23 10:49:26 pipa.ims.intern krb5kdc[2333](info): AS_REQ (6 etypes {18 17
> 16 23 25 26}) 130.75.57.122: NEEDED_PREAUTH:
> host/pxe-122.ims.intern@IMS.INTERN for krbtgt/IMS.INTERN@IMS.INTERN,
> Additional pre-authentication required
> Aug 23 10:49:26 pipa.ims.intern krb5kdc[2334](info): AS_REQ (6 etypes {18 17
> 16 23 25 26}) 130.75.57.122: PREAUTH_FAILED:
> host/pxe-122.ims.intern@IMS.INTERN for krbtgt/IMS.INTERN@IMS.INTERN,
> Preauthentication failed
>
> What does this mean? What can be broken on the IPA server?
Well, it means that the client and server (KDC specifically) don't agree
on the state of the world enough to grant credentials. Usually this
means:
- passwords are wrong/mistyped
- clocks are not synchronized
- krb5kdc can't connect to ldap proprly (it should yell about this in
logs though)
Thanks,
--Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
