[Freeipa-users] ipa-dnskeysyncd ipa : ERROR Login to LDAP server failed: {'desc': 'Invalid credentials'}

[Brian J. Murrell]

Some additional information.  I can't seem to use the CLI either. 
Perhaps that is expected:

# kinit admin
Password for admin at EXAMPLE.COM:

# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_3jm4X9m
Default principal: admin at EXAMPLE.COM

Valid starting     Expires            Service principal
21/12/16 15:29:20  22/12/16 15:29:17  krbtgt/EXAMPLE.COM at EXAMPLE.COM

# ipa host-find
ipa: ERROR: Insufficient access:  Invalid credentials

When I do that (the ipa host-find) /var/log/krb5kdc.log says:

Dec 21 15:29:28 server.example.com krb5kdc[13548](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) fd31:aeb1:48df:0:214:d1ff:fe13:45ac: ISSUE: authtime 1482352160, etypes {rep=18 tkt=18 ses=18}, admin at EXAMPLE.COM for HTTP/server.example.com at EXAMPLE.COM
Dec 21 15:29:28 server.example.com krb5kdc[13548](info): closing down fd 12
Dec 21 15:29:28 server.example.com krb5kdc[13548](info): TGS_REQ (6 etypes {18 17 16 23 25 26}) fd31:aeb1:48df:0:214:d1ff:fe13:45ac: ISSUE: authtime 1482352160, etypes {rep=18 tkt=18 ses=18}, HTTP/server.example.com at EXAMPLE.COM for ldap/server.example.com at EXAMPLE.COM
Dec 21 15:29:28 server.example.com krb5kdc[13548](info): ... CONSTRAINED-DELEGATION s4u-client=admin at EXAMPLE.COM
Dec 21 15:29:28 server.example.com krb5kdc[13548](info): closing down fd 12

Not sure if that's helpful or not but it's something new (to me) so I
thought I would add it to the case.

Most unfortunately I need to access IPA to do some configuration
changes so this is getting more unfortunate than just some errors in a
log now.  :-(

Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161221/4c554285/attachment.sig>