Mark Haney via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

> since these two servers are CentOS 6.9.  I'm almost certain I've got
> everything setup correctly, but I'm still unable to login as an IPA
> user either with SSH or with su - <username>. I get '<username> does
> not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'
> successfully:

This looks like some problem with sssd.  Do you see your user with "id
<username"?  Have a look at
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html

> Rob Crittenden had me check the keytab KVNO and it matches with the
> KVNO of the IPA server.  The one issue I can definitely say I have is
> this:
>
> kinit -kt /etc/krb5.keytab
> kinit: Generic preauthentication failure while getting initial credentials

Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"?  What do you see in the KDC log?

Jochen

-- 
This space is intentionally left blank.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to