On Tue, Jun 02, 2015 at 10:39:31AM +0200, Christopher Lamb wrote:
> Hi Jakub
> 
> Yes root login works, that's how I've been getting into the box.
> 
> Surprisingly, kinit with my user seems to work on that box. After entering
> my password when prompted, it returns to the commandline without error.
> 
> However if I try kinit with another FreeIPA user, then instead of prompting
> for a password, it gives "Generic preauthentication failure while getting
> initial credentials" error.
> 
> Having set debug_level=10, when I try and ssh in with my FreeIPA user, I
> find errors like
> 
> "Retrieving host .... with result: .. Matching credential not found"
> 
> "Received error from KDC ... Additional pre-authentication required"
> 
> "Received error from KDC... Decrypt integrity check failed"
> 
> "Received error code 1432158219"

Replied more in-depth off-list because the logs came in a private mail
but for anyone having similar symptoms -- the Kerberos tracing info
includes the IP address of the KDC we're trying to talk to. It's worth
checking if it's the server that knows the user principal etc..

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to