On 10/02/2015 02:52 PM, Fujisan wrote:
More info:
I can initiate a ticket:
$ kdestroy
$ kinit admin
but cannot view user admin:
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
$ ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
/var/log/messages:
Oct 2 14:48:55 zaira2 [sssd[ldap_child[4991]]]: Failed to initialize
credentials using keytab [MEMORY:/etc/krb5.keytab]: Decrypt integrity
check failed. Unable to create GSSAPI-encrypted LDAP connection.
On Fri, Oct 2, 2015 at 2:26 PM, Fujisan <[email protected]
<mailto:[email protected]>> wrote:
Hello,
I cannot login to the web UI anymore.
The password or username you entered is incorrect.
Log says:
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes
{18 17 16 23 25 26 1 3 2}) 10.0.21.18 <http://10.0.21.18>:
NEEDED_PREAUTH: HTTP/zaira2.opera@OPERA for krbtgt/OPERA@OPERA,
Additional pre-authentication required
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): preauth
(encrypted_timestamp) verify failure: Decrypt integrity check failed
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes
{18 17 16 23 25 26 1 3 2}) 10.0.21.18 <http://10.0.21.18>:
PREAUTH_FAILED: HTTP/zaira2.opera@OPERA for krbtgt/OPERA@OPERA,
Decrypt integrity check failed
Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
I have no idea what went wrong.
What can I do?
Regards,
Fuji
What version of FreeIPA are you running?
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
