Please advise. freeipa server and client install with no issues. On the client machine, the admin can logout, a new user (added to freeipa server) can type their user name and (default password)... They are then prompted to change their password and have a home directory created.
My issue is this: Once the client machine is rebooted, then a new user types their username and default password but is not prompted to change their password, and is denied access. I have reviewed logs and cannot seem to locate the issue.
The output from tail -f /var/log/krb5kdc.log
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16151](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: CLIENT KEY EXPIRED: user1@XXX.com for krbtgt/XXX.com@XXX.com, Password has expired
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16151](info): closing down fd 12
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: NEEDED_PREAUTH: user1@XXX.com for krbtgt/XXX.com@XXX.com, Password has expired
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): closing down fd 12
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): AS_REQ (8 etypes {18 17 20 19 16 23 25 26}) 192.168.xx.xx: FIND_FAST: <unknown client> for <unknown server>, Clock skew too great while handling ap-request armor
Jan 01 09:44:42 ipaserver.xxx.com krb5kdc[16150](info): closing down fd 12
Update: The system seems to be working, however there seems to be a 10 to 15 minute delay after power on for the server to recognize the client machine...meaning that user1 is unable to login for a period of time.
How in the world can I improve the performance of freeipa? Thank you for your time
My initial setup:
# ipa-client-install --enable-dns-updates -mkhomedir
While ipa-client-install initially configured ntp, the service would fail upon reboot. The following command unsures its success
# timedatectl set-ntp true
hope this helps someone
freeipa client, user login fail [SOLVED]
Issues related to applications and software problems
-
- Posts: 1
- Joined: 2018/12/28 01:57:39
Return to “CentOS 7 - Software Support”
Jump to
- CentOS General Purpose
- ↳ CentOS - FAQ & Readme First
- ↳ Announcements
- ↳ CentOS Social
- ↳ User Comments
- ↳ Website Problems
- CentOS 8 / 8-Stream / 9-Stream
- ↳ 8 /8-Stream / 9-Stream - General Support
- ↳ 8 /8-Stream / 9-Stream - Hardware Support
- ↳ 8 /8-Stream / 9-Stream - Networking Support
- ↳ 8 /8-Stream / 9-Stream - Security Support
- CentOS 7
- ↳ CentOS 7 - General Support
- ↳ CentOS 7 - Software Support
- ↳ CentOS 7 - Hardware Support
- ↳ CentOS 7 - Networking Support
- ↳ CentOS 7 - Security Support
- CentOS Legacy Versions
- ↳ CentOS 5
- ↳ CentOS 5 - General Support
- ↳ CentOS 5 - Software Support
- ↳ CentOS 5 - Hardware Support
- ↳ CentOS 5 - Networking Support
- ↳ CentOS 5 - Server Support
- ↳ CentOS 5 - Security Support
- ↳ CentOS 5 - Oracle Installation and Support
- ↳ CentOS 5 - Miscellaneous Questions
- ↳ CentOS 6
- ↳ CentOS 6 - General Support
- ↳ CentOS 6 - Software Support
- ↳ CentOS 6 - Hardware Support
- ↳ CentOS 6 - Networking Support
- ↳ CentOS 6 - Security Support