On Tue, Jun 02, 2015 at 10:39:31AM +0200, Christopher Lamb wrote:
> Hi Jakub
> Yes root login works, that's how I've been getting into the box.
> Surprisingly, kinit with my user seems to work on that box. After entering
> my password when prompted, it returns to the commandline without error.
> However if I try kinit with another FreeIPA user, then instead of prompting
> for a password, it gives "Generic preauthentication failure while getting
> initial credentials" error.
> Having set debug_level=10, when I try and ssh in with my FreeIPA user, I
> find errors like
> "Retrieving host .... with result: .. Matching credential not found"
> "Received error from KDC ... Additional pre-authentication required"
> "Received error from KDC... Decrypt integrity check failed"
> "Received error code 1432158219"
Replied more in-depth off-list because the logs came in a private mail
but for anyone having similar symptoms -- the Kerberos tracing info
includes the IP address of the KDC we're trying to talk to. It's worth
checking if it's the server that knows the user principal etc..
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project