On 11/27/2013 12:51 AM, Dmitri Pal wrote:
> On 11/26/2013 05:15 PM, siology.io wrote:
>> for what it's worth, kinit on the command line of the ipa server works
>> just fine, and detects the realm ok.
> OK then let us rule out DNS for a moment.
> Have you checked the KDC log to see whether the authentication actually
> occurred?
> If kinit works, I suspect it works too but worth checking.
> May be there are some problems with memcached after the form based
> authentication to cache the authentication. KDC log would show whether
> the kinit and follow up service ticket request for LDAP access actually
> occurred.

This is a good suggestion. Please see if ipa_memcached daemon is running, there
was a glitch in one of the upgrades in the past which did not configure it
correctly.  If it is not, I can advise how to fix it.


Freeipa-users mailing list

Reply via email to