RHEV: Error from Kerberos: Integrity check on decrypted field failed

There is an almost brand new RHEV 3.0 installation.
Old users can authenticate and can be listed on the administration interface, but a new user cannot be added.
In the IPA log no relevant information or error message, only the same as in the rhev.log:

2012-02-01 09:51:13,189 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (pool-10-thread-3) Error from Kerberos: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
2012-02-01 09:51:13,189 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (http-0.0.0.0-8443-1) Failed ldap search server LDAP://ipa.domain.org:389 due to org.ovirt.engine.core.bll.adbroker.RhevmDirectoryServiceException. We should not try the next server
org.ovirt.engine.core.bll.adbroker.RhevmDirectoryServiceException

Solution: by default IPA password policy require to change the passwords from time to time. RHEV was installed before changing the password of the user, who used accessing IPA.
So change back the password and error disappear.

avatar

About tompos

Hungary, Budapest
This entry was posted in IT, RedHat. Bookmark the permalink.

Leave a Reply