Jochen Hein via FreeIPA-users wrote:
Mark Haney via FreeIPA-users <>

since these two servers are CentOS 6.9.  I'm almost certain I've got
everything setup correctly, but I'm still unable to login as an IPA
user either with SSH or with su - <username>. I get '<username> does
not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'

This looks like some problem with sssd.  Do you see your user with "id
<username"?  Have a look at

Yes, I'd start there as well. The keytab/kvno things I had you do was to confirm that the keytab was ok. sssd won't work with IPA without a valid keytab. Since you've confirmed that it works you can move onto sssd troubleshooting.


Rob Crittenden had me check the keytab KVNO and it matches with the
KVNO of the IPA server.  The one issue I can definitely say I have is

kinit -kt /etc/krb5.keytab
kinit: Generic preauthentication failure while getting initial credentials

Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"?  What do you see in the KDC log?


FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to