On 09/06/16 13:18, Pavel Picka wrote:
Hi,
Have anyone experience, when create user on ipa-server, and want to login on
client with this user I get :
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
(with kinit [1st time change] was password changed to new one)
even with another change with ipa user-mod --password I am getting same result
and on client in /var/log/messages found :
Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed
Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed
--
Pavel Picka
Hi Pavel!
I have few questions that may help locating the issue:
Are you able to kinit as the user on server and client?
Are you able to ssh to the client as the admin?
What is the output of "id user" on client?
--
David Kupka
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
