On 09/06/16 13:18, Pavel Picka wrote:
Hi,

Have anyone experience, when create user on ipa-server, and want to login on 
client with this user I get :

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

(with kinit [1st time change] was password changed to new one)
even with another change with ipa user-mod --password I am getting same result

and on client in /var/log/messages found :

Jun  9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
Jun  9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
Jun  9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
Jun  9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
Jun  9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed
Jun  9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed



--
Pavel Picka

Hi Pavel!

I have few questions that may help locating the issue:

Are you able to kinit as the user on server and client?
Are you able to ssh to the client as the admin?
What is the output of "id user" on client?

--
David Kupka

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to