[Freeipa-users] Cannot connect to FreeIPA web UI anymore

[Fujisan]

More info:

I can initiate a ticket:
$ kdestroy
$ kinit admin

but cannot view user admin:
$ ipa user-show admin
ipa: ERROR: cannot connect to 'https://zaira2.opera/ipa/json': Unauthorized

$ ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
ipa_memcached Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: RUNNING
smb Service: RUNNING
winbind Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful

/var/log/messages:
Oct  2 14:48:55 zaira2 [sssd[ldap_child[4991]]]: Failed to initialize
credentials using keytab [MEMORY:/etc/krb5.keytab]: Decrypt integrity check
failed. Unable to create GSSAPI-encrypted LDAP connection.



On Fri, Oct 2, 2015 at 2:26 PM, Fujisan <fujisan43 at gmail.com> wrote:

> Hello,
>
> I cannot login to the web UI anymore.
>
> The password or username you entered is incorrect.
>
> Log says:
>
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17
> 16 23 25 26 1 3 2}) 10.0.21.18: NEEDED_PREAUTH: HTTP/zaira2.opera at OPERA
> for krbtgt/OPERA at OPERA, Additional pre-authentication required
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): preauth
> (encrypted_timestamp) verify failure: Decrypt integrity check failed
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): AS_REQ (9 etypes {18 17
> 16 23 25 26 1 3 2}) 10.0.21.18: PREAUTH_FAILED: HTTP/zaira2.opera at OPERA
> for krbtgt/OPERA at OPERA, Decrypt integrity check failed
> Oct 02 14:22:57 zaira2.opera krb5kdc[3225](info): closing down fd 12
>
>
> I have no idea what went wrong.
>
> What can I do?
>
> ​Regards,
> Fuji​
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151002/1eb7c8c7/attachment.htm>