On Няд, 15 чэр 2025, Felix O via FreeIPA-users wrote:
Hi The certificate at /var/kerberos/krb5kdc/kdc.crt is renewed and is currently valid.When checking the Kerberos logs, this error is given Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): AS_REQ (4 etypes {aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17)}) 194.47.245.194: NEEDED_PREAUTH: ad...@company.com for krbtgt/company....@company.com, Additional pre-authentication required Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): closing down fd 11 Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): preauth (spake) verify failure: Preauthentication failed
This means admin account has different password than what is provided by the client. E.g. password is incorrect. Do you see any other issues in the krb5kdc.log? -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
