On Wed, Mar 10, 2021 at 07:06:34AM -0000, Sam Bell via FreeIPA-users wrote: > Thanks for the reply. > Following are the details: > Server ip: 192.168.0.245 > Client : 192.168.0.248 > krb5_child.log content: ... > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436837: SPAKE challenge received with group 1, pubkey > B1A9EF557490B82926C709104562B7909C90B6D048029750F6B6BACE2CBD5330 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436838: SPAKE key generated with pubkey > 84DDE37EADDB0AA67C31779625F3BF1F9F303AC2D05C6CD70D02F0E12AC00BE8 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436839: SPAKE algorithm result: > E9B4976DA979CDE31FCD41F5CC95F4D1A4E396C3D7E20616E8429F5FD5280FAD > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436840: SPAKE final transcript hash: > C1D6EB57E4845C6CCA389D4574854A0169B510EEFE72E400F9523C187EB1AE98 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436841: Sending SPAKE response > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436842: Preauth module spake (151) (real) returned: > 0/Success > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436843: Produced preauth for next request: PA-FX-COOKIE > (133), PA-SPAKE (151) > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436844: Encoding request body and padata into FAST request > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436845: Sending request (1395 bytes) to FREEIPA.LAB > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436846: Initiating TCP connection to stream 192.168.0.245:88 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436847: Sending TCP request to stream 192.168.0.245:88 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436848: Received answer (768 bytes) from stream > 192.168.0.245:88 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436849: Terminating TCP connection to stream > 192.168.0.245:88 > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436850: Response was from master KDC > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436851: Received error from KDC: > -1765328360/Preauthentication failed > > (2021-03-10 15:47:12): [krb5_child[3067]] [sss_child_krb5_trace_cb] (0x4000): > [3067] 1615358832.436852: Decoding FAST response > > (2021-03-10 15:47:12): [krb5_child[3067]] [get_and_save_tgt] (0x0020): 1704: > [-1765328360][Preauthentication failed] > (2021-03-10 15:47:12): [krb5_child[3067]] [map_krb5_error] (0x0020): 1833: > [-1765328360][Preauthentication failed] > (2021-03-10 15:47:12): [krb5_child[3067]] [k5c_send_data] (0x0200): Received > error code 1432158222 > (2021-03-10 15:47:12): [krb5_child[3067]] [pack_response_packet] (0x2000): > response packet size: [4] > (2021-03-10 15:47:12): [krb5_child[3067]] [k5c_send_data] (0x4000): Response > sent. > (2021-03-10 15:47:12): [krb5_child[3067]] [main] (0x0400): krb5_child > completed successfully
Hi, 'Preauthentication failed' is returned by the KDC and typically indicates a wrong password. Since it works with the older IPA client I expect that the password should work. Can you check in the krb5kdc.log in the FreeIPA server what messages are logged at the same time? bye, Sumit _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
