John Ratliff via FreeIPA-users <[email protected]> writes:
> I'm having problems with kinit and a 2FA enabled account. > > When I run kinit by itself, it says 'kinit: Generic preauthentication > failure while getting initial credentials'. > > I saw on the wiki where that problem is solved by doing one of two > things. You can login with the admin account (or some other non-2FA > account). When I do that, it asks for the OTP, but then I get a similar > error message: > > $ klist > Ticket cache: FILE:/tmp/krb5cc_760400007 > Default principal: [email protected] > > Valid starting Expires Service principal > 02/06/2018 15:58:04 02/07/2018 15:57:52 krbtgt/[email protected] > > $ kinit -T FILE:/tmp/krb5cc_760400007 jratliff > Enter OTP Token Value: > kinit: Preauthentication failed while getting initial credentials > > The same thing happens when I try to do the anonymous authentication. > > I put the output of KRB5_TRACE here https://pastebin.com/jpPDVUXi > > This happens on the CentOS 7.4 IdM server (Running 4.5 IPA) and a Debian > 9 IdM client machine. Maybe take a look at the server logs and see if there's anything there. Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
