----- Original Message ----- From: "David Kupka" <dku...@redhat.com> To: "Pavel Picka" <ppi...@redhat.com>, freeipa-users@redhat.com Sent: Thursday, June 9, 2016 1:45:26 PM Subject: Re: [Freeipa-users] SSH login to client
On 09/06/16 13:18, Pavel Picka wrote: > Hi, > > Have anyone experience, when create user on ipa-server, and want to login on > client with this user I get : > > Permission denied, please try again. > Permission denied, please try again. > Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). > > (with kinit [1st time change] was password changed to new one) > even with another change with ipa user-mod --password I am getting same result > > and on client in /var/log/messages found : > > Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check > failed > Jun 9 12:36:02 rhel04 [sssd[krb5_child[4635]]]: Decrypt integrity check > failed > Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check > failed > Jun 9 12:36:05 rhel04 [sssd[krb5_child[4637]]]: Decrypt integrity check > failed > Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check > failed > Jun 9 12:36:28 rhel04 [sssd[krb5_child[4641]]]: Decrypt integrity check > failed > > > > -- > Pavel Picka > Hi Pavel! I have few questions that may help locating the issue: Are you able to kinit as the user on server and client? - kinit is ok on both Are you able to ssh to the client as the admin? - no I am not able to use 'admin' to ssh to client What is the output of "id user" on client? [root@rhel04 ~]# id tuser uid=418200001(tuser) gid=418200001(tuser) groups=418200001(tuser) I have noticed I am able ssh when 'kinit user' is active For detailed logs here is ssh -vvv http://pastebin.test.redhat.com/382140 @Sumit I found /var/log/sssd/krb5_child.log empty, but didn't set log level to 10, is it done by krb5.conf or else? -- David Kupka -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project