On 11/20/2012 03:14 PM, Simo Sorce wrote: > On Tue, 2012-11-20 at 16:09 +0200, Alexander Bokovoy wrote: >> Hi, >> >> attached patch expands error checks when obtaining Kerberos ticket in >> ipasam module. The change should cover observed corner cases which >> caused ipasam to fail obtaining the ticket. >> >> Without the patch one will get something similar to what I get below >> when manually moving time back on the server (with additional debug >> statements to show error codes): >> Nov 20 14:01:29 signfinity winbindd[15759]: GSSAPI Error: Unspecified GSS >> failure. Minor code may provide more information (Ticket not yet valid) >> Nov 20 14:01:29 signfinity winbindd[15759]: [2012/11/20 14:01:29.616951, 0] >> ipa_sam.c:3829(bind_callback) >> Nov 20 14:01:29 signfinity winbindd[15759]: bind_callback: >> ldap_sasl_interactive_bind_s() call returned -2, kerberos code is 0 >> Nov 20 14:01:29 signfinity winbindd[15759]: [2012/11/20 14:01:29.618787, 0] >> ../source3/lib/smbldap.c:998(smbldap_connect_system) >> Nov 20 14:01:29 signfinity winbindd[15759]: failed to bind to server >> ldapi://%2fvar%2frun%2fslapd-IPA-TEAM.socket with dn="[Anonymous bind]" >> Error: Local error >> Nov 20 14:01:29 signfinity winbindd[15759]: #011SASL(-1): generic failure: >> GSSAPI Error: Unspecified GSS failure. Minor code may provide more >> information (Ticket not yet valid >> >> After patching it now looks like this: >> Nov 20 15:00:04 signfinity winbindd[18693]: GSSAPI Error: Unspecified GSS >> failure. Minor code may provide more information (Ticket not yet valid) >> Nov 20 15:00:04 signfinity winbindd[18693]: [2012/11/20 15:00:04.403051, 0] >> ipa_sam.c:3829(bind_callback) >> Nov 20 15:00:04 signfinity winbindd[18693]: bind_callback: >> ldap_sasl_interactive_bind_s() call returned -2, kerberos code is 0 >> Nov 20 15:00:20 signfinity winbindd[18693]: [2012/11/20 15:00:20.090270, 0] >> ipa_sam.c:3829(bind_callback) >> Nov 20 15:00:20 signfinity winbindd[18693]: bind_callback: >> ldap_sasl_interactive_bind_s() call returned 0, kerberos code is 0 >> >> as you can see, winbindd has recovered automatically. > > ACK > > Simo. >
Pushed to master, ipa-3-0. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel