On Tue, Sep 5, 2017 at 2:43 PM, Jakub Hrozek via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
> - is there a filed called kdcinfo.YOURDOMAIN in /var/lib/sss/pubconf/ ?
>   What does it contain?

There is, and it contains '128.112.24.29' with no EOL (the IP address
for auth.astro.princeton.edu, the KDC that it contacted and the one
machine that allows user logins via password on the web UI)

> - can you show your krb5.conf?

includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = ASTRO.PRINCETON.EDU
dns_lookup_realm = false
dns_lookup_kdc = false
rdns = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
ASTRO.PRINCETON.EDU = {
  kdc = ipa.astro.princeton.edu:88
  master_kdc = ipa.astro.princeton.edu:88
  admin_server = ipa.astro.princeton.edu:749
  kdc = auth.astro.princeton.edu:88
  master_kdc = auth.astro.princeton.edu:88
  admin_server = auth.astro.princeton.edu:749
  kdc = jedgar.astro.princeton.edu:88
  master_kdc = jedgar.astro.princeton.edu:88
  admin_server = jedgar.astro.princeton.edu:749
  default_domain = astro.princeton.edu
  pkinit_anchors = FILE:/etc/ipa/ca.crt
}

[domain_realm]
.astro.princeton.edu = ASTRO.PRINCETON.EDU
astro.princeton.edu = ASTRO.PRINCETON.EDU

[dbmodules]
  ASTRO.PRINCETON.EDU = {
    db_library = ipadb.so
}


> - can you strace the kinit?

Output here: https://www.dropbox.com/s/8r1ocrufj924trv/kinit.out?dl=0

-- 
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
  Princeton University  |    ICBM Address: 40.346344   -74.652242
    345 Lewis Library   |"On my ship, the Rocinante, wheeling through
  Princeton, NJ   08544 | the galaxies; headed for the heart of Cygnus,
    (267) 793-0852      | headlong into mystery."  -Rush, 'Cygnus X-1'
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to