I have a FreeIPA 1.2 realm running.

I've installed a new server running 2.1 and migrated the user accounts
across. I've installed a client and am trying to authenticate against
the new server. I get the following errors:

djscott@pc35:~$ kinit
Password for djsc...@example.com:
kinit: Preauthentication failed while getting initial credentials

The server krb5kdc log contains the following:

Sep 21 16:02:00 fileserver1.example.com krb5kdc[17795](info): AS_REQ
(4 etypes {18 17 16 23}) NEEDED_PREAUTH:
djsc...@example.com for krbtgt/example....@example.com, Additional
pre-authentication required
Sep 21 16:02:03 fileserver1.example.com krb5kdc[17795](info): preauth
(timestamp) verify failure: No matching key in entry
Sep 21 16:02:03 fileserver1.example.com krb5kdc[17795](info): AS_REQ
(4 etypes {18 17 16 23}) PREAUTH_FAILED:
djsc...@example.com for krbtgtexample....@example.com,
Preauthentication failed

I've been to the page:


And tried to migrate my password, but I receive:

"There was a problem with your request. Please, try again later. If
the problem persists, contact your administrator."

The same error occurs when I try to authenticate as myself on the
server, although 'id djscott' returns the correct list of groups, so
it appears that LDAP is working, but Kerberos is not. I guess it's
something to do with the password migration?

Anyone know how I can figure out what's going wrong?


Dan Scott

Freeipa-users mailing list

Reply via email to