Hi, I have a FreeIPA 1.2 realm running.
I've installed a new server running 2.1 and migrated the user accounts across. I've installed a client and am trying to authenticate against the new server. I get the following errors: djscott@pc35:~$ kinit Password for [email protected]: kinit: Preauthentication failed while getting initial credentials djscott@pc35:~$ The server krb5kdc log contains the following: Sep 21 16:02:00 fileserver1.example.com krb5kdc[17795](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.1.35: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required Sep 21 16:02:03 fileserver1.example.com krb5kdc[17795](info): preauth (timestamp) verify failure: No matching key in entry Sep 21 16:02:03 fileserver1.example.com krb5kdc[17795](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.1.35: PREAUTH_FAILED: [email protected] for [email protected], Preauthentication failed I've been to the page: https://fileserver1.example.com/ipa/migration/ And tried to migrate my password, but I receive: "There was a problem with your request. Please, try again later. If the problem persists, contact your administrator." The same error occurs when I try to authenticate as myself on the server, although 'id djscott' returns the correct list of groups, so it appears that LDAP is working, but Kerberos is not. I guess it's something to do with the password migration? Anyone know how I can figure out what's going wrong? Thanks, Dan Scott _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
