Fedora 26: sorry, that didn't work, please try again (Enterprise Login)

Having restored a 'broken' Domain Controller (Zentyal) from a snapshot, I had to rejoin all the Windows devices to the domain. My Fedora workstation has proved somewhat more difficult.

I have been able to successfully rejoin my Fedora workstation to the domain, but I am unable to login to the workstation using any domain user (whether one that has previously logged on, or a new account).

When I try to login with a domain account I get an error of "sorry, that didn't work, please try again".

However, when I take the workstation offline (i.e. disconnect from the network), I can login with an old (cached) password. Whilst logged in, I can reconnect to the network and access all my resources that are not Windows orientated.

I have found a few references to similar issues, and I have attempted to resolve my issue following their solutions but to no avail. Help would be gratefully received.

Other information: -

  • Not surprisingly, the cached password stays the same when I change the domain user's password.
  • On one account, I get notification that the password is about to expire (which it is) before I get the error message "sorry, that didn't work, please try again".
  • The problem persists regardless of whether I use the GUI or text mode.
  • If I try to reconnect via the Enterprise Login (Kerberos) Account (in Online Accounts) the error message reads "Error connecting to the Enterprise identity server: Timeout was reached".
  • The domain controller is Zentyal 4.2.11

Thanks in advance.

Update 2017-10-13 19:40

Thank you sideburns for pulling me out of the rabbit hole. Logs are as follows, from pre-login attempt to the time I pull the network cable out of my machine so I can login: -


Oct 12 17:35:07 kernel: r8169 0000:07:00.0 exp6s0: link down

Oct 12 17:35:05 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=systemd-localed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:35:05 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:35:04 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:54 kernel: USER_LOGIN pid=1870 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=0083990098 exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=? res=failed'

Oct 12 17:34:52 gdm-session-wor: pam_sss(gdm-password:auth): received for user numpty@wdomain.local: 17 (Failure setting user credentials)

Oct 12 17:34:52 gdm-session-wor: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=numpty@wdomain.local

Oct 12 17:34:52 kernel: Preauthentication failed

Oct 12 17:34:52 kernel: USER_AUTH pid=1870 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="numpty@wdomain.local" exe="/usr/libexec/gdm-session-worker" hostname=computer.domain.local addr=? terminal=/dev/tty1 res=failed'

Oct 12 17:34:52 krb5_child: Preauthentication failed

Oct 12 17:34:45 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=NetworkManager-dispatcher comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:45 kernel: USER_LOGIN pid=1864 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=0083990098 exe="/usr/libexec/gdm-session-worker" hostname=? addr=? terminal=? res=failed'

Oct 12 17:34:44 gdm-session-wor: pam_sss(gdm-password:auth): received for user numpty@wdomain.local: 4 (System error)

Oct 12 17:34:44 gdm-session-wor: pam_sss(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=numpty@wdomain.local

Oct 12 17:34:44 kernel: Encryption type not permitted

Oct 12 17:34:44 kernel: USER_AUTH pid=1864 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="numpty@wdomain.local" exe="/usr/libexec/gdm-session-worker" hostname=computer.domain.local addr=? terminal=/dev/tty1 res=failed'

Oct 12 17:34:43 krb5_child: Encryption type not permitted

Oct 12 17:34:39 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=geoclue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:38 chronyd: Selected source 192.168.1.123

Oct 12 17:34:35 adcli: GSSAPI client step 2

Oct 12 17:34:35 avahi-daemon: Registering new address record for fe80::50e0:40ff:fe00:3f2a on exp6s0.*.

Oct 12 17:34:35 avahi-daemon: New relevant interface exp6s0.IPv6 for mDNS.

Oct 12 17:34:35 avahi-daemon: Joining mDNS multicast group on interface exp6s0.IPv6 with address fe80::50e0:40ff:fe00:3f2a.

Oct 12 17:34:35 adcli: GSSAPI client step 1

Oct 12 17:34:35 adcli: GSSAPI client step 1

Oct 12 17:34:35 adcli: GSSAPI client step 1

Oct 12 17:34:35 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 kernel: SERVICE_START pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=systemd-update-utmp-runlevel comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 systemd: Startup finished in 3.291s (kernel) + 3.300s (initrd) + 7.606s (userspace) = 14.197s.

Oct 12 17:34:35 systemd: Started Update UTMP about System Runlevel Changes.

Oct 12 17:34:35 kernel: SYSTEM_RUNLEVEL pid=1862 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='old-level=N new-level=5 comm="systemd-update-utmp" exe="/usr/lib/systemd/systemd-update-utmp" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 kernel: SERVICE_START pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=plymouth-start comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 systemd: Starting Update UTMP about System Runlevel Changes...

Oct 12 17:34:35 systemd: Reached target Graphical Interface.

Oct 12 17:34:35 systemd: Reached target Multi-User System.

Oct 12 17:34:35 systemd: Started Hold until boot process finishes up.

Oct 12 17:34:35 kernel: SERVICE_STOP pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 kernel: SERVICE_START pid=1 uid=0 auid=xoxoxoxoxo ses=xoxoxoxoxo subj=system_u:system_r:init_t:s0 msg='unit=plymouth-quit-wait comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

Oct 12 17:34:35 systemd: Received SIGRTMIN+21 from PID 385 (plymouthd).

Oct 12 17:34:35 nm-dispatcher: req:8 'connectivity-change': start running ordered scripts...

Oct 12 17:34:35 nm-dispatcher: req:8 'connectivity-change': new request (6 scripts)

Oct 12 17:34:35 NetworkManager: <info> [1507826075.3061] manager: NetworkManager state is now CONNECTED_GLOBAL


I then went 'a Googling', and came across this page sssd_ad kerberos passwords which described a similar issue. I followed the testing (but not the workaround) and these were the results (and commands).


[numpty@wdomain.local@computer ~]$ host -t SRV _kerberos._udp.wdomain.local
_kerberos._udp.wdomain.local has SRV record 100 100 8880 zentyal.wdomain.local.
_kerberos._udp.wdomain.local has SRV record 0 100 88 zentyal.wdomain.local.

[numpty@wdomain.local@computer ~]$ kinit numpty
Password for numpty@wdomain.local:
Warning: Your password will expire in 363 days on Thu 11 Oct 2018 21:22:02 BST

[numpty@wdomain.local@computer ~]$ klist
Ticket cache: KEYRING:persistent:0083990098:0083990098
Default principal: numpty@wdomain.local

Valid starting     Expires            Service principal
13/10/17 09:13:13  13/10/17 19:13:13  krbtgt/wdomain.local@wdomain.local
        renew until 20/10/17 09:13:07

[numpty@wdomain.local@computer ~]$ passwd
Changing password for user numpty@wdomain.local.
Current Password:
New password:
Retype new password:
passwd: Authentication token manipulation error

The unexpected result of the passwd command was that it worked (on the remote user account) despite the error message.

Still looking into it.


21:00 The error message "passwd: Authentication token manipulation error" seems to be getting me closer to the answer, but the answers I can find are related to local accounts and not domain accounts.
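
One way to triage a journal excerpt like the one in the question, as an added example that is not part of the original post: it pairs each pam_sss result code with the krb5_child error logged for the same login attempt, so the Kerberos-level reason sits next to the PAM failure. The sample lines are constructed in the shape of the excerpt above; the function names, the two-second correlation window and the year 2017 are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines in the same shape as the journal excerpt in the
# question (newest first, as posted), trimmed to the relevant sources.
SAMPLE = """\
Oct 12 17:34:52 gdm-session-wor: pam_sss(gdm-password:auth): received for user numpty@wdomain.local: 17 (Failure setting user credentials)
Oct 12 17:34:52 kernel: Preauthentication failed
Oct 12 17:34:52 krb5_child: Preauthentication failed
Oct 12 17:34:44 gdm-session-wor: pam_sss(gdm-password:auth): received for user numpty@wdomain.local: 4 (System error)
Oct 12 17:34:43 krb5_child: Encryption type not permitted
Oct 12 17:34:38 chronyd: Selected source 192.168.1.123
"""

# "Mon DD HH:MM:SS source: message" as printed in the excerpt.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s(?P<src>\S+?):\s(?P<msg>.*)$")
# pam_sss(<service>:<phase>): received for user <user>: <code> (<text>)
PAM_RE = re.compile(
    r"pam_sss\((?P<service>[^:)]+):(?P<phase>\w+)\): received for user "
    r"(?P<user>\S+): (?P<code>\d+) \((?P<text>[^)]*)\)")
# Linux-PAM return codes that commonly show up in these lines.
PAM_NAMES = {4: "PAM_SYSTEM_ERR", 7: "PAM_AUTH_ERR",
             9: "PAM_AUTHINFO_UNAVAIL", 17: "PAM_CRED_ERR"}


def parse(text, year=2017):
    """Yield (timestamp, source, message); the log has no year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"], m["msg"]


def correlate(text, window_s=2, year=2017):
    """Pair every pam_sss result with the closest krb5_child message that was
    logged at most window_s seconds before it. Returns oldest attempt first."""
    rows = sorted(parse(text, year), key=lambda r: r[0])
    # Only krb5_child is used: the excerpt repeats the same text under "kernel".
    krb5 = [(ts, msg) for ts, src, msg in rows if src == "krb5_child"]
    window = timedelta(seconds=window_s)
    attempts = []
    for ts, _src, msg in rows:
        m = PAM_RE.search(msg)
        if not m:
            continue
        near = [(ts - kts, kmsg) for kts, kmsg in krb5
                if timedelta(0) <= ts - kts <= window]
        code = int(m["code"])
        attempts.append({
            "time": ts.strftime("%H:%M:%S"),
            "service": m["service"],
            "user": m["user"],
            "pam_code": code,
            "pam_name": PAM_NAMES.get(code, "unknown"),
            "pam_text": m["text"],
            # None when krb5_child logged nothing for this attempt.
            "krb5_error": min(near)[1] if near else None,
        })
    return attempts


if __name__ == "__main__":
    for a in correlate(SAMPLE):
        print(f"{a['time']} {a['user']} via {a['service']}: "
              f"{a['pam_name']} ({a['pam_text']}) <- krb5: {a['krb5_error']}")
```

On the sample this separates the two attempts in the excerpt: the first fails with "Encryption type not permitted" and the second with "Preauthentication failed", which are different Kerberos errors behind the same login-screen message.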