[Freeipa-users] Only one AD user can able to login to IPA server

Ben .T.George bentech4you at gmail.com
Tue Mar 17 18:19:45 UTC 2015 

Hi all

how can i fix this issue.? even i tried to trust add AD again. that too
failed.

from where i need to troubleshoot ?

On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George <bentech4you at gmail.com>
wrote:

> Hi
>
> i did kinit
>
> [root at kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
> kinit: Keytab contains no suitable keys for
> host/kwtpocpbis01.solaris.local at SOLARIS.LOCAL while getting initial
> credentials
>
>
> i destroyed and re-created. but still same
>
>
>
> On Tue, Mar 17, 2015 at 2:45 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:
>
>> On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
>> > here is separated logs:
>> >
>> > tail -f sssd_solaris.local.log
>>
>> Thank you, see inline:
>>
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
>> > (0x0400): Child responded: 14 [Decrypt integrity check failed], expired
>> on
>> > [0]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_kinit_done]
>> > (0x0100): Could not get TGT: 14 [Bad address]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [sdap_cli_kinit_done]
>> > (0x0400): Cannot get a TGT: ret [1432158219](Authentication Failed)
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [fo_set_port_status]
>> > (0x0100): Marking port 0 of server 'kwtpocpbis01.solaris.local' as 'not
>> > working'
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [fo_set_port_status]
>> > (0x0400): Marking port 0 of duplicate server
>> 'kwtpocpbis01.solaris.local'
>> > as 'not working'
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [sdap_handle_release]
>> > (0x2000): Trace: sh[0x7f6b7d2c3140], connected[1], ops[(nil)],
>> > ldap[0x7f6b7d265a00], destructor_lock[0], release_memory[0]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> > [remove_connection_callback] (0x4000): Successfully removed connection
>> > callback.
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> > [check_online_callback] (0x0100): Backend returned: (3, 0, <NULL>)
>> > [Internal Error (Success)]
>>
>> So it seems the keytab is wrong, you can also test the keytab validity
>> with "kinit -k"..
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150317/14d0c188/attachment.htm>

More information about the Freeipa-users mailing list