[Freeipa-users] SSH login to client
David Kupka
dkupka at redhat.com
Thu Jun 9 11:45:26 UTC 2016
On 09/06/16 13:18, Pavel Picka wrote:
> Hi,
>
> Have anyone experience, when create user on ipa-server, and want to login on client with this user I get :
>
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
>
> (with kinit [1st time change] was password changed to new one)
> even with another change with ipa user-mod --password I am getting same result
>
> and on client in /var/log/messages found :
>
> Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
> Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check failed
> Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
> Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check failed
> Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed
> Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check failed
>
>
>
> --
> Pavel Picka
>
Hi Pavel!
I have few questions that may help locating the issue:
Are you able to kinit as the user on server and client?
Are you able to ssh to the client as the admin?
What is the output of "id user" on client?
--
David Kupka
More information about the Freeipa-users
mailing list