On Thu, Jun 09, 2016 at 07:18:19AM -0400, Pavel Picka wrote: > Hi, > > Have anyone experience, when create user on ipa-server, and want to login on > client with this user I get : > > Permission denied, please try again. > Permission denied, please try again. > Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). > > (with kinit [1st time change] was password changed to new one) > even with another change with ipa user-mod --password I am getting same result > > and on client in /var/log/messages found : > > Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check > failed > Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check > failed > Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check > failed > Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check > failed > Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check > failed > Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check > failed
This normally means wrong password. Does this happen only with the initial expired password or even after you reset the password and kinit? Can you send more verbose krb5_child.log? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
