nandha kumar writes: > I am running redhat 7.5 with freeipa 4.5 . I have established AD one > way sync using password. I am able to ssh the ipa client and ipa > server with windows administrator account , But when I try to login > with normal AD user I am receiving the error " kinit: Password > incorrect while getting initial credentials"
Can you kinit as the administrator account? > ipa --version > VERSION: 4.5.4, API_VERSION: 2.228 > > KRB5_TRACE=/dev/stdout kinit -V [email protected] > [28904] 1546967107.58765: Resolving unique ccache of type KEYRING > Using new cache: persistent:0:krb_ccache_nLG0yqq > > [28904] 1546967107.58777: Response was not from master KDC > [28904] 1546967107.58778: Received error from KDC: -1765328359/Additional > pre-authentication required > [28904] 1546967107.58781: Processing preauth types: 16, 15, 19, 2 > [28904] 1546967107.58782: Selected etype info: etype aes256-cts, salt > "APRIM.XXX nandha.kumaravel", params "" > [28904] 1546967107.58783: PKINIT client has no configured identity; giving up > [28904] 1546967107.58784: PKINIT client has no configured identity; giving up > [28904] 1546967107.58785: Preauth module pkinit (16) (real) returned: > 22/Invalid argument > [28904] 1546967107.58786: PKINIT client has no configured identity; giving up > [28904] 1546967107.58787: Preauth module pkinit (14) (real) returned: > 22/Invalid argument > Password for [email protected]: > [28904] 1546967125.768563: AS key obtained for encrypted timestamp: > aes256-cts/675E > [28904] 1546967125.768565: Encrypted timestamp (for 1546967099.435765): plain > 301AA011180F32303139303130383137303435395AA105020306A635, encrypted > D03014021DFD2120B8EC876B6A6568CEC53DFFE6AB5003028B81A18173717C2C14259C5002A41900A974FF0E2F372EECB9E7F4836AE0DD43 > [28904] 1546967125.768566: Preauth module encrypted_timestamp (2) (real) > returned: 0/Success > [28904] 1546967125.768567: Produced preauth for next request: 2 > [ > [28904] 1546967125.768577: Response was not from master KDC > [28904] 1546967125.768578: Received error from KDC: > -1765328360/Preauthentication failed > [28904] 1546967125.768580: Preauth tryagain input types: 16, 14, 19, 2 > [28904] 1546967125.768581: Retrying AS request with master KDC > [28904] 1546967125.768582: Getting initial credentials for > [email protected] > [28904] 1546967125.768584: Sending request (182 bytes) to aprim.xxx (master) > kinit: Password incorrect while getting initial credentials Can you verify that your password is actually correct? Thanks, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
