Mark Haney via FreeIPA-users <>

> since these two servers are CentOS 6.9.  I'm almost certain I've got
> everything setup correctly, but I'm still unable to login as an IPA
> user either with SSH or with su - <username>. I get '<username> does
> not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'
> successfully:

This looks like some problem with sssd.  Do you see your user with "id
<username"?  Have a look at

> Rob Crittenden had me check the keytab KVNO and it matches with the
> KVNO of the IPA server.  The one issue I can definitely say I have is
> this:
> kinit -kt /etc/krb5.keytab
> kinit: Generic preauthentication failure while getting initial credentials

Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"?  What do you see in the KDC log?


This space is intentionally left blank.
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to