Thanks for your help.<br><br>I've got in krb5kdc.log :<br><br>Sep 20 17:00:47 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14155](info): TGS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: ISSUE: authtime<br>
1348153247, etypes {rep=18 tkt=18 ses=18}, host/<a href="mailto:elide.example.com@example.com">elide.example.com@example.com</a> for ldap/ipa.lix.polytechniqu<br><a href="mailto:e.fr@example.com">e.fr@example.com</a><br>
Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14164](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: NEEDED_PREAUTH: <br><a href="mailto:regis@example.com">regis@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Additional pre-authentication required<br>
Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14169](info): preauth (timestamp) verify failure: No matching key in entry<br>Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14169](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: PREAUTH_FAILED: <br>
<a href="mailto:regis@example.com">regis@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Preauthentication failed<br>Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14161](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: NEEDED_PREAUTH: <br>
host/<a href="mailto:elide.example.com@example.com">elide.example.com@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Additional pre-auth<br>entication required<br><br><br>
I have spent the whole day trying to debug my server. I will re-install and re-migrate to see if I have missed something .. <br><br><div class="gmail_quote">2012/9/20 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="im">
On 09/20/2012 12:50 PM, James James wrote:
<blockquote type="cite">Oups .. migration mode is enable ... <br>
</blockquote>
<br></div>
The ldap (access, error) and kerberos logs from the server would be
helpful to troubleshoot.<br>
/var/log/dirsrv/...<br>
krb5kdc.log<div><div class="h5"><br>
<br>
<blockquote type="cite"><br>
<div class="gmail_quote">2012/9/20 James James <span dir="ltr"><<a href="mailto:jreg2k@gmail.com" target="_blank">jreg2k@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Yes config mod is enabled <br>
<div>
<div><br>
<div class="gmail_quote">2012/9/20 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div> On 09/20/2012 12:30 PM, James James wrote:
<blockquote type="cite">Hi,<br>
<br>
I've done a migration from ldap to ipa.
Everything works well but when I try to change
my password in the ui (<a href="https://ipa.example.com/ipa/migration" target="_blank">https://ipa.example.com/ipa/migration</a>)
I have this error message :<br>
<div>
<h2>We're Sorry</h2>
<div>
<p> <b>There was a problem with your
request. Please, try again later.</b>
</p>
<p> <label>If the problem persists,
contact your administrator.</label></p>
<p>In the log :<br>
</p>
<p>Thu Sep 20 18:29:54 2012] [error] ipa:
ERROR: migration bind failed:
Inappropriate authentication ()<br>
<br>
<label></label></p>
<p>Can somebody give me some help ?</p>
<p><br>
</p>
</div>
</div>
</blockquote>
</div>
</div>
And I assume the migration is in fact enabled?<br>
<pre># ipa config-mod --enable-migration=TRUE</pre>
<br>
<br>
Can it be that you are hitting <a href="https://bugzilla.redhat.com/show_bug.cgi?id=822350" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=822350</a>
<br>
<blockquote type="cite">
<div> </div>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
<span><font color="#888888"> </font></span></blockquote>
<span><font color="#888888"> <br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
</pre>
</font></span></div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
</pre>
</div></div></div>
</blockquote></div><br>