<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">More info:<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I can initiate a ticket:<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:monospace,monospace">$ kdestroy<br>$ kinit admin</span><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">but cannot view user admin:<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:monospace,monospace">$ ipa user-show admin<br>ipa: ERROR: cannot connect to '<a href="https://zaira2.opera/ipa/json">https://zaira2.opera/ipa/json</a>': Unauthorized</span><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br><span style="font-family:monospace,monospace">$ ipactl status<br>Directory Service: RUNNING<br>krb5kdc Service: RUNNING<br>kadmin Service: RUNNING<br>named Service: RUNNING<br>ipa_memcached Service: RUNNING<br>httpd Service: RUNNING<br>pki-tomcatd Service: RUNNING<br>smb Service: RUNNING<br>winbind Service: RUNNING<br>ipa-otpd Service: RUNNING<br>ipa-dnskeysyncd Service: RUNNING<br>ipa: INFO: The ipactl command was successful<br><br></span></div><div class="gmail_default"><span style="font-family:arial,helvetica,sans-serif">/var/log/messages:<br></span></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:monospace,monospace">Oct  2 14:48:55 zaira2 [sssd[ldap_child[4991]]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Decrypt integrity check failed. Unable to create GSSAPI-encrypted LDAP connection.<br><br></span><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 2, 2015 at 2:26 PM, Fujisan <span dir="ltr"><<a href="mailto:fujisan43@gmail.com" target="_blank">fujisan43@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:arial,helvetica,sans-serif">Hello,<br><br></div><div style="font-family:arial,helvetica,sans-serif">I cannot login to the web UI anymore.<br><br><span style="font-family:monospace,monospace">The password or username you entered is incorrect.</span><br><br></div><div style="font-family:arial,helvetica,sans-serif">Log says:<br><br><span style="font-family:monospace,monospace">Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) <a href="http://10.0.21.18" target="_blank">10.0.21.18</a>: NEEDED_PREAUTH: HTTP/zaira2.opera@OPERA for krbtgt/OPERA@OPERA, Additional pre-authentication required<br>Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12<br>Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed<br>Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17 16 23 25 26 1 3 2}) <a href="http://10.0.21.18" target="_blank">10.0.21.18</a>: PREAUTH_FAILED: HTTP/zaira2.opera@OPERA for krbtgt/OPERA@OPERA, Decrypt integrity check failed<br>Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12<br></span><br><br></div><div style="font-family:arial,helvetica,sans-serif">I have no idea what went wrong.<br><br></div><div style="font-family:arial,helvetica,sans-serif">What can I do?<br><br></div><div style="font-family:arial,helvetica,sans-serif">​Regards,<br></div><div style="font-family:arial,helvetica,sans-serif">Fuji​</div><br>
</div>
</blockquote></div><br></div></div>