On 10/01/18 13:53, Alexander Bokovoy wrote:
On ke, 10 tammi 2018, lejeczek via FreeIPA-users wrote:


On 10/01/18 12:42, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 10 tammi 2018, lejeczek via FreeIPA-users wrote:
hi

Would you know if the below is normal from ipa * commands, before kinit is done?

ipa: ERROR: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638943): Decrypt integrity check failed

I remember before, tools would silently execute if a ticket was not there, but do not recall errors like above.

This is basically a Kerberos way to say 'your password is not the same as KDC thinks it is'. Did somebody run ipa-getkeytab on the entry?


Could it be due to failure of auth-rpcgss-module.service to start? In LXC without a small tweak auth-rpcgss-module.service fails.

I don't think so. Can you give more logs and context to understand where
this comes from?

Nope, like you thought, I also see it on a newly installed 4.5.0 on bare metal. I'm on CentOS 7.4. Gee.. not much context, like I say, new IPA and when I execute ipa commands I see that error.

$ ipa topologysegment-find
ipa: ERROR: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (2529638943): Decrypt integrity check failed

And on that new installation, the lifetime of a ticket feels weirdly short. I do kinit, 2 minutes later (I do nothing, no other human is on the system) I get the same error again. This is all locally via ssh on the server.
Feel free to tell me what info, logs to get you.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
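
Added example, not part of the original thread or of FreeIPA: a small decoder for the two numbers in the error line quoted above. It assumes the minor code comes from MIT krb5, whose error table starts at -1765328384 and whose first 128 entries are the RFC 4120 protocol error codes; the function names and the short name tables are this example's own.

```python
import re

# Routine-error names from RFC 2744; they occupy bits 16-23 of the major status.
GSS_ROUTINE = {7: "GSS_S_NO_CRED", 9: "GSS_S_DEFECTIVE_TOKEN",
               11: "GSS_S_CREDENTIALS_EXPIRED", 12: "GSS_S_CONTEXT_EXPIRED",
               13: "GSS_S_FAILURE"}

# Assumption: MIT krb5 minor codes = error-table base + RFC 4120 error code.
KRB5_TABLE_BASE = -1765328384
KRB5_PROTOCOL = {6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
                 24: "KDC_ERR_PREAUTH_FAILED", 31: "KRB_AP_ERR_BAD_INTEGRITY",
                 32: "KRB_AP_ERR_TKT_EXPIRED", 37: "KRB_AP_ERR_SKEW"}

LINE_RE = re.compile(r"Major \((\d+)\).*?Minor \((\d+)\)")

# The error line exactly as posted in the thread.
SAMPLE = ("ipa: ERROR: Major (851968): Unspecified GSS failure.  Minor code may "
          "provide more information, Minor (2529638943): Decrypt integrity check failed")


def decode_major(major):
    """Split a GSS-API major status into its three bit fields."""
    routine = (major >> 16) & 0xFF
    return {"calling_error": (major >> 24) & 0xFF,
            "routine_error": GSS_ROUTINE.get(routine, routine),
            "supplementary": major & 0xFFFF}


def decode_minor(minor):
    """Map an unsigned 32-bit minor code back to a krb5 protocol error."""
    # The tools print the code unsigned; the krb5 table uses negative values.
    signed = minor - (1 << 32) if minor >= (1 << 31) else minor
    offset = signed - KRB5_TABLE_BASE
    if 0 <= offset < 128:
        return offset, KRB5_PROTOCOL.get(offset, "unlisted protocol error")
    return None, "outside the krb5 protocol error range"


def decode_line(line):
    """Return (major fields, minor decoding) for an 'ipa: ERROR' GSS line."""
    match = LINE_RE.search(line)
    if match is None:
        return None
    return decode_major(int(match.group(1))), decode_minor(int(match.group(2)))


if __name__ == "__main__":
    print(decode_line(SAMPLE))
```

For the posted line this gives GSS_S_FAILURE with protocol error 31, KRB_AP_ERR_BAD_INTEGRITY, which is the code behind the "Decrypt integrity check failed" text.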