[Users] preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed

H. Haven Liu haven.liu at ucla.edu
Mon Aug 19 22:24:08 UTC 2013


Hello,

I tried to add an IPA directory domain following these instructions: https://www.rvanderlinden.net/wordpress/ovirt/administrator-portal/administrator-portal-authentication-via-ipa/

It appears the domain was added successfully, but cannot be validated:

[root@vhost1 ~]# engine-manage-domains -action=add -domain=domain.local -user=admin -provider=ipa -interactive
Enter password:

The domain domain.local has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
Users from this domain can be granted permissions from the Web administration interface.
oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
Manage Domains completed successfully
[root@vhost1 ~]# service ovirt-engine restart
Stopping engine-service: [  OK  ]
Starting engine-service: [  OK  ]
[root@vhost1 ~]# engine-manage-domains -action=validate -report
Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
WARNING, domain: domain.local may not be functional: Failure while testing domain domain.local. Details: Kerberos error. Please check log for further details.
Manage Domains completed successfully
[root@vhost1 ~]#

krb5kdc.log has the following entries:
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL, Additional pre-authentication required
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin@DOMAIN.LOCAL for ldap/auth.domain.local@DOMAIN.LOCAL
Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10

Any idea?

Thanks,

Haven
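
For reading the etype numbers in the krb5kdc.log entries above, here is an added example (not part of the original message) that parses AS_REQ/TGS_REQ lines, decodes the encryption types, and lists requests whose offered etype list contains no AES type. The sample lines are constructed from the log format in the message, with principals written in user@REALM form; the function names are hypothetical.

```python
import re

# Kerberos encryption type numbers (IANA registry) that appear in the log.
ETYPE_NAMES = {
    1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
    23: "arcfour-hmac",
}
AES_ETYPES = {17, 18}

# Matches krb5kdc AS_REQ/TGS_REQ lines in the format shown in the message.
KDC_LINE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<offered>[\d ]+)\}\) "
    r"(?P<client>\S+): (?P<status>[A-Z_]+): "
    r"(?:authtime \d+, etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) "
    r"ses=(?P<ses>\d+)\}, )?"
    r"(?P<principal>\S+) for (?P<service>[^\s,]+)"
)

def parse_kdc_line(line):
    """Return a dict for a request line, or None for any other line."""
    m = KDC_LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["offered"] = [int(n) for n in rec["offered"].split()]
    for key in ("rep", "tkt", "ses"):  # absent on NEEDED_PREAUTH lines
        rec[key] = int(rec[key]) if rec[key] else None
    rec["offered_names"] = [ETYPE_NAMES.get(n, f"etype-{n}") for n in rec["offered"]]
    rec["no_aes_offered"] = AES_ETYPES.isdisjoint(rec["offered"])
    return rec

def requests_without_aes(lines):
    """Parsed requests whose offered etype list has no AES type."""
    parsed = (parse_kdc_line(line) for line in lines)
    return [r for r in parsed if r and r["no_aes_offered"]]

# Constructed sample lines, modelled on the krb5kdc.log format in the message.
P = "Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): "
SAMPLE = [
    P + "AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL, Additional pre-authentication required",
    P + "closing down fd 10",
    P + "AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin@DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL",
    P + "TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin@DOMAIN.LOCAL for ldap/auth.domain.local@DOMAIN.LOCAL",
]

if __name__ == "__main__":
    for r in requests_without_aes(SAMPLE):
        print(r["req"], r["status"], r["principal"], r["offered_names"])
```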