(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [sdap_get_tgt_recv] (0x0400): Child responded: 14 [Client not found in Kerberos database], expired on [0]
(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [sdap_kinit_done] (0x0100): Could not get TGT: 14 [Bad address]
(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [sdap_cli_kinit_done] (0x0400): Cannot get a TGT: ret [1432158219](Authentication Failed)
(Thu Aug 10 02:47:25 2017) [sssd[be[ipa.corp.example.com]]] [_be_fo_set_port_status] (0x8000): Setting status: PORT_NOT_WORKING. Called from: src/providers/ldap/sdap_async_connection.c: sdap_cli_connect_recv: 2023

This means the client is not enrolled to IPA or it's using a different principal than it's supposed to. It is attempting kinit with host/ab01.sg.aws.example.com and the IPA server doesn't know this principal. You can reproduce the same thing with "kinit -k".

Btw, seeing this is AWS, please check if the hostname or the value of ipa_hostname matches the hostnames in the keytab (see "klist -k").

> On 10 Aug 2017, at 06:18, Supratik Goswami <supratiksek...@gmail.com> wrote:
>
> <sssd_logs.log>

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
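
Added example, not part of the original message: a shell sketch of the check suggested above, comparing the name SSSD would use with the host/ principals listed by "klist -k". It assumes ipa_hostname, when set in sssd.conf, takes precedence over the system hostname; the function names, the sample keytab listing, the sample sssd.conf and the realm are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Hostnames and realm in the
# sample data are constructed; only ab01.sg.aws.example.com comes from the mail.

# Hostnames of all host/ principals in `klist -k` output read from stdin.
keytab_hosts() {
    awk '$2 ~ /^host\// { sub(/^host\//, "", $2); sub(/@.*$/, "", $2); print tolower($2) }' | sort -u
}

# Name the IPA provider is assumed to use: ipa_hostname from the sssd.conf
# text on stdin when set, otherwise the fallback hostname passed as $1.
effective_host() {
    name=$(sed -n 's/^[[:space:]]*ipa_hostname[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' | head -n 1)
    printf '%s\n' "${name:-$1}" | tr 'A-Z' 'a-z'
}

# Exit 0 when host/$1 is among the keytab principals on stdin.
keytab_has_host() {
    keytab_hosts | grep -Fxq -- "$1"
}

# Constructed `klist -k` listing: one principal stored with two key entries.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/ab01.ipa.corp.example.com@IPA.CORP.EXAMPLE.COM
   1 host/ab01.ipa.corp.example.com@IPA.CORP.EXAMPLE.COM
EOF
}

# Constructed sssd.conf fragment with ipa_hostname set.
sample_conf() {
cat <<'EOF'
[domain/ipa.corp.example.com]
id_provider = ipa
ipa_hostname = ab01.ipa.corp.example.com
EOF
}

# On a real client:
#   want=$(effective_host "$(hostname -f)" < /etc/sssd/sssd.conf)
#   klist -k /etc/krb5.keytab | keytab_has_host "$want" || echo "no host/$want in keytab"
```

A miss from keytab_has_host for the name SSSD would use corresponds to the "Client not found in Kerberos database" error in the log above.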