[Freeipa-users] Cannot connect to FreeIPA web UI anymore
Martin Babinsky
mbabinsk at redhat.com
Fri Oct 2 13:27:03 UTC 2015
On 10/02/2015 02:52 PM, Fujisan wrote:
> More info:
>
> I can initiate a ticket:
> $ kdestroy
> $ kinit admin
>
> but cannot view user admin:
> $ ipa user-show admin
> ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized
>
> $ ipactl status
> Directory Service: RUNNING
> krb5kdc Service: RUNNING
> kadmin Service: RUNNING
> named Service: RUNNING
> ipa_memcached Service: RUNNING
> httpd Service: RUNNING
> pki-tomcatd Service: RUNNING
> smb Service: RUNNING
> winbind Service: RUNNING
> ipa-otpd Service: RUNNING
> ipa-dnskeysyncd Service: RUNNING
> ipa: INFO: The ipactl command was successful
>
> /var/log/messages:
> Oct 2 14:48:55 zaira2 [sssd[ldap_child[4991]]]: Failed to initialize
> credentials using keytab [MEMORY:/etc/krb5.keytab]: Decrypt integrity
> check failed. Unable to create GSSAPI-encrypted LDAP connection.
>
>
>
> On Fri, Oct 2, 2015 at 2:26 PM, Fujisan <fujisan43 at gmail.com
> <mailto:fujisan43 at gmail.com>> wrote:
>
> Hello,
>
> I cannot login to the web UI anymore.
>
> The password or username you entered is incorrect.
>
> Log says:
>
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes
> {18 17 16 23 25 26 1 3 2}) 10.0.21.18 <http://10.0.21.18>:
> NEEDED_PREAUTH: HTTP/zaira2.opera at OPERA for krbtgt/OPERA at OPERA,
> Additional pre-authentication required
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): preauth
> (encrypted_timestamp) verify failure: Decrypt integrity check failed
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes
> {18 17 16 23 25 26 1 3 2}) 10.0.21.18 <http://10.0.21.18>:
> PREAUTH_FAILED: HTTP/zaira2.opera at OPERA for krbtgt/OPERA at OPERA,
> Decrypt integrity check failed
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
>
>
> I have no idea what went wrong.
>
> What can I do?
>
> Regards,
> Fuji
>
>
>
>
What version of FreeIPA are you running?
--
Martin^3 Babinsky
More information about the Freeipa-users
mailing list