[Freeipa-users] Only one AD user can able to login to IPA server
Jakub Hrozek
jhrozek at redhat.com
Tue Mar 17 11:45:06 UTC 2015
On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
> here is separated logs:
>
> tail -f sssd_solaris.local.log
Thank you, see inline:
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
> (0x0400): Child responded: 14 [Decrypt integrity check failed], expired on
> [0]
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_kinit_done]
> (0x0100): Could not get TGT: 14 [Bad address]
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_cli_kinit_done]
> (0x0400): Cannot get a TGT: ret [1432158219](Authentication Failed)
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [fo_set_port_status]
> (0x0100): Marking port 0 of server 'kwtpocpbis01.solaris.local' as 'not
> working'
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [fo_set_port_status]
> (0x0400): Marking port 0 of duplicate server 'kwtpocpbis01.solaris.local'
> as 'not working'
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_handle_release]
> (0x2000): Trace: sh[0x7f6b7d2c3140], connected[1], ops[(nil)],
> ldap[0x7f6b7d265a00], destructor_lock[0], release_memory[0]
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> [remove_connection_callback] (0x4000): Successfully removed connection
> callback.
> (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> [check_online_callback] (0x0100): Backend returned: (3, 0, <NULL>)
> [Internal Error (Success)]
So it seems the keytab is wrong, you can also test the keytab validity
with "kinit -k"..
More information about the Freeipa-users
mailing list