[Freeipa-users] Windows client logon
Jimmy
g17jimmy at gmail.com
Mon Sep 19 14:58:51 UTC 2011
I think you're on to something here. I just reset the user's password on IPA
and get the "password expired" message but I get that regardless of what I
enter for the user's password. I'm confused as to why I can make the user
auth work with a normal KDC but I'm having so much trouble with IPA-KDC.
Going to wipe the Win7 config and start fresh on that system.
On Mon, Sep 19, 2011 at 10:31 AM, Simo Sorce <simo at redhat.com> wrote:
> On Mon, 2011-09-19 at 10:10 -0400, Jimmy wrote:
> > I have verified that the password set for the workstation in the
> > kerberos host principal(using ipa-getkeytab) and the password on the
> > host (using ksetup) are the same. I'm still getting the " Decrypt
> > integrity check failed" errors. I have also verified that the system
> > clock is accurate on both the KDC and the workstation. What else could
> > be causing this? As I have said, this system authenticates flawlessly
> > against other KDC's I have set up.
>
> The thing that is failing is your user password does not check with what
> the KDC thinks is the user's secret. You are not yet to the stage where
> the machine password is tried.
>
> Simo.
> >
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110919/f3f91f24/attachment.htm>
More information about the Freeipa-users
mailing list