Mark Haney via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
since these two servers are CentOS 6.9. I'm almost certain
I've got
everything setup correctly, but I'm still unable to login as an IPA
user either with SSH or with su - <username>. I get '<username> does
not exist'. However, I /can/ 'kinit admin' /and/ 'kinit mark.haney'
successfully:
This looks like some problem with sssd. Do you see your user with "id
<username"? Have a look at
https://docs.pagure.org/SSSD.sssd/users/troubleshooting.html
Rob Crittenden had me check the keytab KVNO and it matches with the
KVNO of the IPA server. The one issue I can definitely say I have is
this:
kinit -kt /etc/krb5.keytab
kinit: Generic preauthentication failure while getting initial credentials
Can you show a trace with "KRB5_TRACE=/dev/stderr kinit -kt
/etc/krb5.keytab"? What do you see in the KDC log?
Jochen
--
This space is intentionally left blank.