Jochen Hein via FreeIPA-users wrote:
Mark Haney via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

since these two servers are CentOS 6.9.  I'm almost certain I've got
everything setup correctly, but I'm still unable to login as an IPA
user either with SSH or with su - <username>. I get '<username> does
not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'
successfully:

This looks like some problem with sssd.  Do you see your user with "id
<username"?  Have a look at
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html

Yes, I'd start there as well. The keytab/kvno things I had you do was to confirm that the keytab was ok. sssd won't work with IPA without a valid keytab. Since you've confirmed that it works you can move onto sssd troubleshooting.

rob


Rob Crittenden had me check the keytab KVNO and it matches with the
KVNO of the IPA server.  The one issue I can definitely say I have is
this:

kinit -kt /etc/krb5.keytab
kinit: Generic preauthentication failure while getting initial credentials

Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"?  What do you see in the KDC log?

Jochen

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to