IPA client error: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]

Solution Verified - Updated -

Issue

  • IPA client stop working, follwing error is logged in /var/log/messages:

    sssd[ldap_child[12345]]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Generic preauthentication failure. Unable to create GSSAPI-encrypted LDAP connection.

  • id command shows error "there is no such user".

  • IPA user login is failing due to following error in IPA client.

    (2024-04-03 11:55:40): [ldap_child[64284]] [ldap_child_get_tgt_sync] (0x0040): krb5_get_init_creds_keytab() failed: -1765328360
(2024-04-03 11:55:40): [ldap_child[64284]] [ldap_child_get_tgt_sync] (0x0010): Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Preauthentication failed. Unable to create GSSAPI-encrypted LDAP connection.
(2024-04-03 11:55:40): [ldap_child[64284]] [unique_filename_destructor] (0x2000): Unlinking [/var/lib/sss/db/ccache_EXAMPLE.TEST_2QAJ7b]
(2024-04-03 11:55:40): [ldap_child[64284]] [main] (0x0020): ldap_child_get_tgt_sync failed.
(2024-04-03 11:55:40): [ldap_child[64284]] [prepare_response] (0x0400): Building response for result [-1765328360]
(2024-04-03 11:55:40): [ldap_child[64284]] [pack_buffer] (0x2000): response size: 44
(2024-04-03 11:55:40): [ldap_child[64284]] [pack_buffer] (0x1000): result [14] krberr [-1765328360] msgsize [24] msg [Preauthentication failed]

Environment

  • Red Hat Enterprise Linux
    • Release 6
    • Release 7
    • Release 8
    • Release 9
  • IPA 4.x
  • sssd-2.9.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content