Thanks for your help.<br><br>I've got in krb5kdc.log :<br><br>Sep 20 17:00:47 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14155](info): TGS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: ISSUE: authtime<br> 1348153247, etypes {rep=18 tkt=18 ses=18}, host/<a href="mailto:elide.example.com@example.com">elide.example.com@example.com</a> for ldap/ipa.lix.polytechniqu<br><a href="mailto:e.fr@example.com">e.fr@example.com</a><br> Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14164](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: NEEDED_PREAUTH: <br><a href="mailto:regis@example.com">regis@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Additional pre-authentication required<br> Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14169](info): preauth (timestamp) verify failure: No matching key in entry<br>Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14169](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: PREAUTH_FAILED: <br> <a href="mailto:regis@example.com">regis@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Preauthentication failed<br>Sep 20 17:00:56 <a href="http://ipa.example.com">ipa.example.com</a> krb5kdc[14161](info): AS_REQ (4 etypes {18 17 16 23}) <a href="http://129.104.11.72">129.104.11.72</a>: NEEDED_PREAUTH: <br> host/<a href="mailto:elide.example.com@example.com">elide.example.com@example.com</a> for krbtgt/<a href="mailto:example.com@example.com">example.com@example.com</a>, Additional pre-auth<br>entication required<br><br><br> I have spent the whole day trying to debug my server. I will re-install and re-migrate to see if I have missed something .. <br><br><div class="gmail_quote">2012/9/20 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"><div class="im"> On 09/20/2012 12:50 PM, James James wrote: <blockquote type="cite">Oups .. migration mode is enable ... <br> </blockquote> <br></div> The ldap (access, error) and kerberos logs from the server would be helpful to troubleshoot.<br> /var/log/dirsrv/...<br> krb5kdc.log<div><div class="h5"><br> <br> <blockquote type="cite"><br> <div class="gmail_quote">2012/9/20 James James <span dir="ltr"><<a href="mailto:jreg2k@gmail.com" target="_blank">jreg2k@gmail.com</a>></span><br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Yes config mod is enabled <br> <div> <div><br> <div class="gmail_quote">2012/9/20 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div bgcolor="#FFFFFF" text="#000000"> <div> <div> On 09/20/2012 12:30 PM, James James wrote: <blockquote type="cite">Hi,<br> <br> I've done a migration from ldap to ipa. Everything works well but when I try to change my password in the ui (<a href="https://ipa.example.com/ipa/migration" target="_blank">https://ipa.example.com/ipa/migration</a>) I have this error message :<br> <div> <h2>We're Sorry</h2> <div> <p> <b>There was a problem with your request. Please, try again later.</b> </p> <p> <label>If the problem persists, contact your administrator.</label></p> <p>In the log :<br> </p> <p>Thu Sep 20 18:29:54 2012] [error] ipa: ERROR: migration bind failed: Inappropriate authentication ()<br> <br> <label></label></p> <p>Can somebody give me some help ?</p> <p><br> </p> </div> </div> </blockquote> </div> </div> And I assume the migration is in fact enabled?<br> <pre># ipa config-mod --enable-migration=TRUE</pre> <br> <br> Can it be that you are hitting <a href="https://bugzilla.redhat.com/show_bug.cgi?id=822350" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=822350</a> <br> <blockquote type="cite"> <div> </div> <br> <br> <fieldset></fieldset> <br> <pre>_______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> <span><font color="#888888"> </font></span></blockquote> <span><font color="#888888"> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </font></span></div> </blockquote> </div> <br> </div> </div> </blockquote> </div> <br> </blockquote> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </div></div></div> </blockquote></div><br>