[Users] preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed

Haoyang Haven Liu haven.liu at ucla.edu
Tue Aug 20 03:38:50 UTC 2013


Never mind. It is apparently because my admin password contained an "illegal" character. 

Haven

On Aug 19, 2013, at 3:24 PM, "H. Haven Liu" <haven.liu at ucla.edu> wrote:

> Hello,
> 
> I tried to add a IPA directory domain following these instructions: https://www.rvanderlinden.net/wordpress/ovirt/administrator-portal/administrator-portal-authentication-via-ipa/
> 
> It appears the domain was added successfully, but cannot be validated:
> 
> [root at vhost1 ~]# engine-manage-domains -action=add -domain=domain.local -user=admin -provider=ipa -interactive
> Enter password:
> 
> The domain domain.local has been added to the engine as an authentication source but no users from that domain have been granted permissions within the oVirt Manager.
> Users from this domain can be granted permissions from the Web administration interface.
> oVirt Engine restart is required in order for the changes to take place (service ovirt-engine restart).
> Manage Domains completed successfully
> [root at vhost1 ~]# service ovirt-engine restart
> Stopping engine-service: [  OK  ]
> Starting engine-service: [  OK  ]
> [root at vhost1 ~]# engine-manage-domains -action=validate -report
> Error:  exception message: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
> WARNING, domain: domain.local may not be functional: Failure while testing domain domain.local. Details: Kerberos error. Please check log for further details.
> Manage Domains completed successfully
> [root at vhost1 ~]# 
> 
> krb5kdc.log has the following entries:
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: NEEDED_PREAUTH: admin at DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL at DOMAIN.LOCAL, Additional pre-authentication required
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): AS_REQ (1 etypes {23}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=23}, admin at DOMAIN.LOCAL for krbtgt/DOMAIN.LOCAL at DOMAIN.LOCAL
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): TGS_REQ (6 etypes {18 17 16 23 1 3}) 10.0.1.12: ISSUE: authtime 1376950566, etypes {rep=23 tkt=18 ses=18}, admin at DOMAIN.LOCAL for ldap/auth.domain.local at DOMAIN.LOCAL
> Aug 19 15:16:06 auth.domain.local krb5kdc[4572](info): closing down fd 10
> 
> Any idea?
> 
> Thanks,
> 
> Haven
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20130819/cdd7217d/attachment-0001.html>


More information about the Users mailing list