Hello, ipa-users!

Can't login into my FreeIpa system with admin user.

*On WebUi *

Login failed due to an unknown reason.

*In krb5kdc.log:*

Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: NEEDED_PREAUTH: WELLKNOWN/
anonym...@mydomain.com for krbtgt/mydomain....@mydomain.com, Additional
pre-authentication required
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: ISSUE: authtime 1507550904, etypes
{rep=18 tkt=18 ses=18}, WELLKNOWN/anonym...@mydomain.com for krbtgt/
mydomain....@mydomain.com
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: NEEDED_PREAUTH: ad...@mydomain.com
for krbtgt/mydomain....@mydomain.com, Additional pre-authentication required
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24787](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: ISSUE: authtime 1507550904, etypes
{rep=18 tkt=18 ses=18}, ad...@mydomain.com for krbtgt/
mydomain....@mydomain.com
Oct 09 08:08:24 myhost.mydomain krb5kdc[24787](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24785](info): TGS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: ISSUE: authtime 1507550904, etypes
{rep=18 tkt=18 ses=18}, ad...@mydomain.com for HTTP/
myhost.mydom...@mydomain.com
Oct 09 08:08:24 myhost.mydomain krb5kdc[24785](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: NEEDED_PREAUTH: HTTP/
myhost.mydom...@mydomain.com for krbtgt/mydomain....@mydomain.com,
Additional pre-authentication required
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): preauth
(encrypted_timestamp) verify failure: Preauthentication failed
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: PREAUTH_FAILED: HTTP/
myhost.mydom...@mydomain.com for krbtgt/mydomain....@mydomain.com,
Preauthentication failed
Oct 09 08:08:24 myhost.mydomain krb5kdc[24788](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: NEEDED_PREAUTH: HTTP/
myhost.mydom...@mydomain.com for krbtgt/mydomain....@mydomain.com,
Additional pre-authentication required
Oct 09 08:08:24 myhost.mydomain krb5kdc[24786](info): closing down fd 11
Oct 09 08:08:24 myhost.mydomain krb5kdc[24785](info): preauth
(encrypted_timestamp) verify failure: Preauthentication failed
Oct 09 08:08:24 myhost.mydomain krb5kdc[24785](info): AS_REQ (8 etypes {18
17 20 19 16 23 25 26}) 192.168.110.26: PREAUTH_FAILED: HTTP/
myhost.mydom...@mydomain.com for krbtgt/mydomain....@mydomain.com,
Preauthentication failed
Oct 09 08:08:24 myhost.mydomain krb5kdc[24785](info): closing down fd 11

*In httpd error log:*

[Mon Oct 09 08:10:31.746129 2017] [auth_gssapi:error] [pid 24813] [client
192.168.110.26:45594] GSS ERROR gss_acquire_cred[_from]() failed to get
server creds: [Unspecified GSS failure.  Minor code may provide more
information ( SPNEGO cannot find mechanisms to negotiate)]
[Mon Oct 09 08:10:31.749411 2017] [:error] [pid 24806] ipa: INFO: 401
Unauthorized: No session cookie found

*In messages:*

Oct  9 08:11:40 myhost gssproxy: gssproxy[13658]: (OID: { 1 2 840 113554 1
2 2 }) Unspecified GSS failure.  Minor code may provide more information,
Preauthentication failed
Oct  9 08:11:40 myhost gssproxy: gssproxy[13658]: (OID: { 1 2 840 113554 1
2 2 }) Unspecified GSS failure.  Minor code may provide more information,
Preauthentication failed

*The password is correct 100%.*
*I can do kinit for admin.*
*Where to look next?*
*Restart didn't help.*

OS Red Hat Enterprise Linux Server release 7.4
[root@myhost ipa]# uname -a
Linux myhost.mydomain 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 10:49:01
PDT 2017 x86_64 x86_64 x86_64 GNU/Linux


Regards,
Andrey
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to