Unable to log in using LDAP at login screen, but kinit works?
Hi Guys,
Running into an issue that I was hopeful to get some help with.
Server: 10.6, Open Directory configured
Client: 10.7.3
Steps to reproduce:
a. Fire up the Lion client
b. Wait a few seconds for the login screen to show "Other"
c. Attempt to log in with a user that exists in the server-side directory (user, and associated pass)
d. Login screen fails.
Console on client reveals:
Mar 15 00:49:00 user123 loginwindow[4139]: Login Window Started Security Agent
Mar 15 00:49:00 user123 SecurityAgent[4149]: Echo enabled
Mar 15 00:49:16 user123 SecurityAgent[4149]: User info context values set for dquinlan
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Got user: user123
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Got ruser: (null)
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Got service: authorization
Mar 15 00:49:16 user123 authorizationhost[4159]: in od_principal_for_user(): No authentication authority returned
Mar 15 00:49:16 user123 authorizationhost[4159]: in od_principal_for_user(): failed: 7
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Done cleanup3
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): Kerberos 5 refuses you
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm
Mar 15 00:49:16 user123 authorizationhost[4159]: in pam_sm_authenticate(): OpenDirectory - The authtok is incorrect.
Logging into a local account on the same machine and checking the console, I can run kinit successfully, and then klist. This reveals:
bash-3.2$ klist
Credentials cache: API:502:2
Principal: user123@SERVER.OURCOMPANY.COM
Issued Expires Principal
Mar 15 00:57:08 Mar 15 10:57:03 krbtgt/SERVER.OURCOMPANY.COM@SERVER.OURCOMPANY.COM
Any ideas what the issue might be?
Thanks!
Alex
Mac OS X (10.6.8), Server