On Mon, 2015-05-04 at 08:49 -0700, Janelle wrote:
> Happy Star Wars Day!
> May the Fourth be with you!
>
> So I have a strange Kerberos problem trying to figure out. On a
> CLIENT, (CentOS 7.1) if I login to account "usera" they get a ticket as
> expected. However, if I login to a 6.6 client, it doesn't seem to work.
> Both were enrolled the same, obviously one is newer.
>
> Now, it gets stranger. The "servers" are CentOS 7.1 also. If I login as
> root, bypassing kerberos, and then do "kinit admin" it works just fine.
> But if I do "kinit usera" I get:
>
> kinit: Generic preauthentication failure while getting initial credentials
>
> Which makes no sense. The account works with a 7.1 client but not a 6.x
> client?? And yet "admin" works, no matter what. What am I missing here?

Have you recently changed the user password?
If so, this symptom may indicate you are having replication issues
between your servers, and one of the clients is hitting the server that
didn't get the keys replicated to it.

Simo.

--
Simo Sorce * Red Hat, Inc * New York