I think you're on to something here. I just reset the user's password on IPA
and get the "password expired" message but I get that regardless of what I
enter for the user's password. I'm confused as to why I can make the user
auth work with a normal KDC but I'm having so much trouble with IPA-KDC.
Going to wipe the Win7 config and start fresh on that system.

On Mon, Sep 19, 2011 at 10:31 AM, Simo Sorce <s...@redhat.com> wrote:

> On Mon, 2011-09-19 at 10:10 -0400, Jimmy wrote:
> > I have verified that the password set for the workstation in the
> > kerberos host principal(using ipa-getkeytab) and the password on the
> > host (using ksetup) are the same. I'm still getting the " Decrypt
> > integrity check failed" errors. I have also verified that the system
> > clock is accurate on both the KDC and the workstation. What else could
> > be causing this? As I have said, this system authenticates flawlessly
> > against other KDC's I have set up.
> The thing that is failing is your user password does not check with what
> the KDC thinks is the user's secret. You are not yet to the stage where
> the machine password is tried.
> Simo.
> >
> --
> Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list

Reply via email to