Mark Haney via FreeIPA-users <firstname.lastname@example.org>
> since these two servers are CentOS 6.9. I'm almost certain I've got
> everything setup correctly, but I'm still unable to login as an IPA
> user either with SSH or with su - <username>. I get '<username> does
> not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'
This looks like some problem with sssd. Do you see your user with "id
<username"? Have a look at
> Rob Crittenden had me check the keytab KVNO and it matches with the
> KVNO of the IPA server. The one issue I can definitely say I have is
> kinit -kt /etc/krb5.keytab
> kinit: Generic preauthentication failure while getting initial credentials
Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"? What do you see in the KDC log?
This space is intentionally left blank.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org