On Thu, Jun 09, 2016 at 07:18:19AM -0400, Pavel Picka wrote:
> Hi, 
> 
> Have anyone experience, when create user on ipa-server, and want to login on 
> client with this user I get : 
> 
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
> 
> (with kinit [1st time change] was password changed to new one) 
> even with another change with ipa user-mod --password I am getting same result
> 
> and on client in /var/log/messages found :
> 
> Jun  9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check 
> failed
> Jun  9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check 
> failed
> Jun  9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check 
> failed
> Jun  9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check 
> failed
> Jun  9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check 
> failed
> Jun  9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check 
> failed

This normally means wrong password. Does this happen only with the
initial expired password or even after you reset the password and kinit?

Can you send more verbose krb5_child.log?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to