On 11/27/2013 12:51 AM, Dmitri Pal wrote: > On 11/26/2013 05:15 PM, siology.io wrote: >> for what it's worth, kinit on the command line of the ipa server works >> just fine, and detects the realm ok. > > OK then let us rule out DNS for a moment. > > Have you checked the KDC log to see whether the authentication actually > occurred? > If kinit works, I suspect it works too but worth checking. > > May be there are some problems with memcached after the form based > authentication to cache the authentication. KDC log would show whether > the kinit and follow up service ticket request for LDAP access actually > occurred.
This is a good suggestion. Please see if ipa_memcached daemon is running, there was a glitch in one of the upgrades in the past which did not configure it correctly. If it is not, I can advise how to fix it. Martin _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
