On 05/04/2015 11:49 AM, Janelle wrote:
Happy Star Wars Day!
May the Fourth be with you!
So I have a strange Kerberos problem trying to figure out. On a
CLIENT, (CentOS 7.1) if I login to account "usera" they get a ticket
as expected. However, if I login to a 6.6 client, it doesn't seem to
work. Both were enrolled the same, obviously one is newer.
Now, it gets stranger. The "servers" are CentOS 7.1 also. If I login
as root, bypassing kerberos, and then do "kinit admin" it works just
fine. But if I do "kinit usera" I get:
kinit: Generic preauthentication failure while getting initial
credentials
Which makes no sense. The account works with a 7.1 client but not a
6.x client?? And yet "admin" works, no matter what. What am I missing
here?
~J
This is really strange. What does happen on the server when you try
kinit usera? Have you checked the KDC log?
Look at the usera entry, may be there is some strange attribute there
that causes this failure. Compare with admin entry. May be it will shed
some light.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
