On 05/04/2015 11:49 AM, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!

So I have a strange Kerberos problem trying to figure out. On a CLIENT, (CentOS 7.1) if I login to account "usera" they get a ticket as expected. However, if I login to a 6.6 client, it doesn't seem to work. Both were enrolled the same, obviously one is newer.

Now, it gets stranger. The "servers" are CentOS 7.1 also. If I login as root, bypassing kerberos, and then do "kinit admin" it works just fine. But if I do "kinit usera" I get:

kinit: Generic preauthentication failure while getting initial credentials

Which makes no sense. The account works with a 7.1 client but not a 6.x client?? And yet "admin" works, no matter what. What am I missing here?

~J

This is really strange. What does happen on the server when you try kinit usera? Have you checked the KDC log? Look at the usera entry, may be there is some strange attribute there that causes this failure. Compare with admin entry. May be it will shed some light.

--
Thank you,
Dmitri Pal

Director of Engineering for IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to