[Freeipa-users] Only one AD user can able to login to IPA server

Ben .T.George bentech4you at gmail.com
Tue Mar 17 12:02:00 UTC 2015 

Hi

i did kinit

[root at kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
kinit: Keytab contains no suitable keys for
host/kwtpocpbis01.solaris.local at SOLARIS.LOCAL while getting initial
credentials


i destroyed and re-created. but still same



On Tue, Mar 17, 2015 at 2:45 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
> > here is separated logs:
> >
> > tail -f sssd_solaris.local.log
>
> Thank you, see inline:
>
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
> > (0x0400): Child responded: 14 [Decrypt integrity check failed], expired
> on
> > [0]
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_kinit_done]
> > (0x0100): Could not get TGT: 14 [Bad address]
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> [sdap_cli_kinit_done]
> > (0x0400): Cannot get a TGT: ret [1432158219](Authentication Failed)
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [fo_set_port_status]
> > (0x0100): Marking port 0 of server 'kwtpocpbis01.solaris.local' as 'not
> > working'
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [fo_set_port_status]
> > (0x0400): Marking port 0 of duplicate server 'kwtpocpbis01.solaris.local'
> > as 'not working'
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> [sdap_handle_release]
> > (0x2000): Trace: sh[0x7f6b7d2c3140], connected[1], ops[(nil)],
> > ldap[0x7f6b7d265a00], destructor_lock[0], release_memory[0]
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> > [remove_connection_callback] (0x4000): Successfully removed connection
> > callback.
> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
> > [check_online_callback] (0x0100): Backend returned: (3, 0, <NULL>)
> > [Internal Error (Success)]
>
> So it seems the keytab is wrong, you can also test the keytab validity
> with "kinit -k"..
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150317/800ba1d6/attachment.htm>

More information about the Freeipa-users mailing list