More info: I can initiate a ticket: $ kdestroy $ kinit admin
but cannot view user admin: $ ipa user-show admin ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized $ ipactl status Directory Service: RUNNING krb5kdc Service: RUNNING kadmin Service: RUNNING named Service: RUNNING ipa_memcached Service: RUNNING httpd Service: RUNNING pki-tomcatd Service: RUNNING smb Service: RUNNING winbind Service: RUNNING ipa-otpd Service: RUNNING ipa-dnskeysyncd Service: RUNNING ipa: INFO: The ipactl command was successful /var/log/messages: Oct 2 14:48:55 zaira2 [sssd[ldap_child[4991]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Decrypt integrity check failed. Unable to create GSSAPI-encrypted LDAP connection. On Fri, Oct 2, 2015 at 2:26 PM, Fujisan <[email protected]> wrote: > Hello, > > I cannot login to the web UI anymore. > > The password or username you entered is incorrect. > > Log says: > > Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17 > 16 23 25 26 1 3 2}) 10.0.21.18: NEEDED_PREAUTH: HTTP/zaira2.opera@OPERA > for krbtgt/OPERA@OPERA, Additional pre-authentication required > Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12 > Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): preauth > (encrypted_timestamp) verify failure: Decrypt integrity check failed > Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17 > 16 23 25 26 1 3 2}) 10.0.21.18: PREAUTH_FAILED: HTTP/zaira2.opera@OPERA > for krbtgt/OPERA@OPERA, Decrypt integrity check failed > Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12 > > > I have no idea what went wrong. > > What can I do? > > Regards, > Fuji > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
