i have a construct with two freeipa servers and a samba ad that trusts each other. now i have rebuilt a freeipa, since then i have problems with the authentication. logging in via ssh on server works (via ssh key), but doing sudo on the server with the ad user does not work. according to logfiles the password of the ad user is checked correctly and there i also see different logs if the password is correct or wrong. Kerberos says the password is checked successfully.
however, it does not work afterwards. in the krbt5_child.log I see the following error. ==> [krb5_child[33538]] [get_and_save_tgt] (0x0020): [RID#45] 2395: [-1765328353][Decrypt integrity check failed] the trust position looks good from samba ad as well as from the ipa side. are there any who have had similar problems after reinstalling? any ideas what else I should check? -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
