Hi,
I ran into this issue. I logged into FAS and waited for long time (cca 1 hour), but still I get same error:
kinit: Client 'zdohnal@FEDORAPROJECT.ORG' not found in Kerberos database while getting initial credentials
There is my debug output (same as gil and Dmitrij):
http://paste.fedoraproject.org/505248/48153744/
My set of packages:
fedpkg-1.26-2.fc25.noarch koji-1.11.0-1.fc25.noarch python2-cccolutils-1.4-1.fc25.x86_64 fedora-packager-0.6.0.0-1.fc25.noarch pyrpkg-1.47-3.fc25.noarch
I changed /etc/krb5.conf.d/fedoraproject_org file into this:
[realms] FEDORAPROJECT.ORG = { kdc = https://id.fedoraproject.org/KdcProxy } [domain_realm] .fedoraproject.org = FEDORAPROJECT.ORG fedoraproject.org = FEDORAPROJECT.ORG
and my /etc/krb5.conf file has line with includedir. I talked about it on IRC channel #fedora-admin, where they told me it is some sync problem. I have default /etc/koji.conf file and "koji build f26 --scratch $(fedpkg giturl)" ends with with Kerberos authentication failed: Server not found in Kerberos database (-1765328377). For me as package maintainer is this issue really critical.
Solved with puiterwijk's help. It was IPA bug, temporary workaround was creating a new FAS account.
You should not need to create a new account... @puiterwijk fixed the sync from fas to ipa for your account, so you should now be able to login to FAS, change your password and then kinit should work.
From our communication on #fedora-admin IRC channel:
(02:57:27 PM) puiterwijk: zdohnal: yeah, I know. IPA is refusing to create your account... (02:58:14 PM) puiterwijk: It's a problem I reported to IPA developers a long while ago.. Let me do a temporary fix for you (02:58:21 PM) jsilhan [jsilhan@nat/redhat/x-kkutkikwmvmazlse] entered the room. (02:58:43 PM) puiterwijk: .fasinfo zdohnal (02:58:46 PM) zodbot: puiterwijk: User: zdohnal, Name: Zdenek Dohnal, email: zdohnal@redhat.com, Creation: 2016-03-02, IRC Nick: None, Timezone: UTC, Locale: en, GPG key ID: None, Status: active (02:58:48 PM) zodbot: puiterwijk: Approved Groups: fedorabugs packager cla_done cla_fpca (03:00:09 PM) puiterwijk: zdohnal: can you please change your password in FAS? I just created your account, and that'll make sure you know the password (03:00:24 PM) puiterwijk: (the whole reason we need to create the account on login is because we otherwise do not have your password)
I understood that like he created a new account...
per irc this seems to be solved:
zdohnal> nirik: nope, that we solved with puiterwijk . This time I encountered fail in build, but it works now, thank you :)
:department_store:
@kevin changed the status to Closed
Closed
Yes, it was solved by workaround of creating a new FAS account... but that bug in IPA seems to be still here (because IMHO creating new account does not seem as standard and acceptable behavior).
(03:00:09 PM) puiterwijk: zdohnal: can you please change your password in FAS? I just created your account, and that'll make sure you know the password
I think there is a small misunderstanding here, I believe what Patrick did was to sync you account in IPA and since this was the first sync it "created" the account on the IPA server (ie: he manually synced your account from FAS to IPA instead of the sync happening automatically). He did not create a new FAS account. The proof is: your are still using the same username no? :)
OK, sorry, my bad. I misunderstood it.
Login to comment on this ticket.