On Няд, 15 чэр 2025, Felix O via FreeIPA-users wrote:
Hi The certificate at /var/kerberos/krb5kdc/kdc.crt is renewed and is currently valid.When checking the Kerberos logs, this error is given Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): AS_REQ (4 etypes {aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17)}) 194.47.245.194: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): closing down fd 11 Jun 15 10:28:34 ipa.company.com krb5kdc[15712](info): preauth (spake) verify failure: Preauthentication failed
This means admin account has different password than what is provided by the client. E.g. password is incorrect. Do you see any other issues in the krb5kdc.log? -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
