On 22.02.22 00:08, Angus Clarke wrote:
I was meant to have attached the script sorry!
Attached now.
Hope it helps
Angus
________________________________
From: Michael Schwartzkopff<ms(a)sys4.de>
Sent: 21 February 2022 23:39
To: Angus Clarke<angus(a)charworth.com>
Subject: Re: [Freeipa-users] Re: FreeIPA, kinit with OTP
On 21.02.22 21:34, Angus Clarke wrote:
Hi Michael
I wrote this a long time back and we use it extensively. It mentions:
# requires krb5-pkinit (not installed on ipa client by default)
Otherwise something else is amiss I suppose.
Regards
Angus
after installation of the packet I can do a kinit -n and get the ANONYMOUS ticket.
But when I do a kinit with my user name I get:
$ kinit username
kinit: Pre-authentication failed: Invalid argument while getting initial credentials
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de<https://emea01.safelinks.protection.outlook.com/?url=h...;,
+49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
following the steps of the script I get one step further.
but still
$ kinit -T KCM:1286400012 username
Enter OTP Token Value:
kinit: Preauthentication failed while getting initial credentials
Are the any log files to check the auth process?
Mit freundlichen Grüßen,
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein