Hello,

I tried to add an IPA directory domain following these instructions: 
https://www.rvanderlinden.net/wordpress/ovirt/administrator-portal/administrator-portal-authentication-via-ipa/

It appears the domain was added successfully, but cannot be validated:

[root@vhost1 ~]# engine-manage-domains -action=add -domain=domain.local -user=admin -provider=ipa -interactive
Enter password:

The domain domain.local has been added to the engine as an authentication 
source but no users from that domain have been granted permissions within the 
oVirt Manager.
Users from this domain can be granted permissions from the Web administration 
interface.
oVirt Engine restart is required in order for the changes to take place 
(service ovirt-engine restart).
Manage Domains completed successfully
[root@vhost1 ~]# service ovirt-engine restart
Stopping engine-service: [  OK  ]
Starting engine-service: [  OK  ]
[root@vhost1 ~]# engine-manage-domains -action=validate -report
Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
WARNING, domain: domain.local may not be functional: Failure while testing domain domain.local. Details: Kerberos error. Please check log for further details.
Manage Domains completed successfully
[root@vhost1 ~]# 

krb5kdc.log has the following entries:
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL, Additional pre-authentication required
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin@DOMAIN.LOCAL for ldap/auth.domain.local@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10

Any idea?

Thanks,

Haven
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
