Am Mon, Apr 11, 2022 at 10:26:04AM -0300 schrieb Mateo Duffour:
> Hi,
> 
> We send the krb5_child.log attached as requested.
> The test was an ssh u...@adtest.xxx.xxx.xx@idmsrvpru.idmpru.xxx.xxx.xx from 
> our IdM server.

Hi,

thanks for the logs. The issue does not happen during Kerberos ticket
validation, as I thought but while trying to establish the FAST tunnel.

There should be two way to solve this. The first is setting

    krb5_use_fast = never

in the [domain/...] section of sssd.conf on every IPA client. The second
is to reestablish the trust as two-way trust with the '--two-way=True'
option of 'ipa trust-add'. I would recommend the latter.

HTH

bye,
Sumit

> 
> 
> Many thanks.
> 
> Lic. Mateo Duffour 
> Unidad Informática 
>       2901.40.91 
> 
> [ 
> http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay
>  | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] 
> [ http://www.fnr.gub.uy/ |    ] 
> 
> 
> 
> No me imprimas si no es necesario. Protejamos el medio ambiente. Este mensaje 
> y la información adjunta al mismo está dirigido exclusivamente a su 
> destinatario. Puede contener información confidencial, privilegiada o de uso 
> restringido, protegida por las normas. Si Ud. recibió este e-mail por error, 
> por favor, sírvase notificarle a quien se lo envió y borrar el original. 
> Cualquier otro uso del e-mail por Ud. está prohibido.
> 
> ----- Original Message -----
> From: "Sumit Bose" <sb...@redhat.com>
> To: "Mateo Duffour" <mduff...@fnr.gub.uy>
> Cc: "Alexander Bokovoy" <aboko...@redhat.com>, "Sumit Bose" 
> <sb...@redhat.com>, "freeipa-users" <freeipa-users@lists.fedorahosted.org>, 
> "tizo" <tiz...@gmail.com>
> Sent: Friday, 8 April, 2022 02:45:06
> Subject: Re: [Freeipa-users] Re: IdM with trust relationship with Samba AD DC 
> - User accounts with passwords expired
> 
> Am Thu, Apr 07, 2022 at 05:07:00PM -0300 schrieb Mateo Duffour:
> > Hi, 
> > 
> > The last answer that we received on bugzilla and on samba lists sais "Your 
> > kpasswd is expecting FAST support which has been added in samba 4.16. So 
> > you either have to disable FAST or upgrade first." 
> > 
> > We've upgraded our Samba server version to 4.16.0 and we're getting this 
> > error now (when trying to login with any user from our IdM server): 
> > 
> > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error 
> > constructing AP-REQ armor: Server 
> > krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database 
> > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx krb5_child[4846]: Error 
> > constructing AP-REQ armor: Server 
> > krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database 
> 
> Hi,
> 
> looks like there are issues requesting the cross-realm TGT, it would be
> good to see the full krb5_child.log file with 'debug_level = 9' in the
> [domain/...] section of sssd.conf to maybe better understand why this fails.
> 
> I would expect that the cross-realm TGT is requested during the
> validation of the Kerberos ticket. You can disable the validation as a
> workaround by adding
> 
>     krb5_validate = false
> 
> in the [domain/...] section of sssd.conf, see man sssd-krb5 for details.
> 
> bye,
> Sumit
> 
> > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: pam_sss(sshd:auth): 
> > authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.9.9.4 
> > user=u...@adtest.xxx.xxx.xx 
> > Apr 07 11:50:46 idmsrvpru.idmpru.xxx.xxx.xx sshd[4842]: pam_sss(sshd:auth): 
> > received for user u...@adtest.xxx.xxx.xx : 4 (System error) 
> > Apr 07 11:50:48 idmsrvpru.idmpru.xxx.xxx.xx sshd[4840]: error: PAM: 
> > Authentication failure for u...@adtest.xxx.xxx.xx from 10.9.9.4 
> > 
> > Any help is appreciated, regards. 
> > 
> > Lic. Mateo Duffour 
> > Unidad Informática 
> >     2901.40.91 
> > 
> > [ 
> > http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay
> >  | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] 
> > [ http://www.fnr.gub.uy/ |    ] 
> > 
> > 
> > 
> > No me imprimas si no es necesario. Protejamos el medio ambiente. Este 
> > mensaje y la información adjunta al mismo está dirigido exclusivamente a su 
> > destinatario. Puede contener información confidencial, privilegiada o de 
> > uso restringido, protegida por las normas. Si Ud. recibió este e-mail por 
> > error, por favor, sírvase notificarle a quien se lo envió y borrar el 
> > original. Cualquier otro uso del e-mail por Ud. está prohibido. 
> > 
> > 
> > From: "Mateo Duffour" <mduff...@fnr.gub.uy> 
> > To: "Alexander Bokovoy" <aboko...@redhat.com> 
> > Cc: "Sumit Bose" <sb...@redhat.com>, "freeipa-users" 
> > <freeipa-users@lists.fedorahosted.org>, "tizo" <tiz...@gmail.com> 
> > Sent: Friday, 11 March, 2022 15:49:31 
> > Subject: Re: [Freeipa-users] Re: IdM with trust relationship with Samba AD 
> > DC - User accounts with passwords expired 
> > 
> > Hi, 
> > 
> > We are experiencing the same behavior on Samba AD DC 4.15.5, we are going 
> > to report a bug on bugzilla.samba.org as you suggested. 
> > 
> > 
> > Thanks again. 
> > 
> > Lic. Mateo Duffour 
> > Unidad Informática 
> >     2901.40.91 
> > 
> > [ 
> > http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay
> >  | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] 
> > [ http://www.fnr.gub.uy/ |    ] 
> > 
> > 
> > 
> > No me imprimas si no es necesario. Protejamos el medio ambiente. Este 
> > mensaje y la información adjunta al mismo está dirigido exclusivamente a su 
> > destinatario. Puede contener información confidencial, privilegiada o de 
> > uso restringido, protegida por las normas. Si Ud. recibió este e-mail por 
> > error, por favor, sírvase notificarle a quien se lo envió y borrar el 
> > original. Cualquier otro uso del e-mail por Ud. está prohibido. 
> > 
> > 
> > From: "Alexander Bokovoy" <aboko...@redhat.com> 
> > To: "Mateo Duffour" <mduff...@fnr.gub.uy> 
> > Cc: "Sumit Bose" <sb...@redhat.com>, "freeipa-users" 
> > <freeipa-users@lists.fedorahosted.org>, "tizo" <tiz...@gmail.com> 
> > Sent: Friday, 11 March, 2022 15:03:58 
> > Subject: Re: [Freeipa-users] Re: IdM with trust relationship with Samba AD 
> > DC - User accounts with passwords expired 
> > 
> > On pe, 11 maalis 2022, Mateo Duffour wrote: 
> > 
> > 
> > Hi, 
> > 
> > We installed Samba AD DC from this repo [ 
> > https://samba.tranquil.it/redhat8/samba-4.14.10/ | 
> > https://samba.tranquil.it/redhat8/samba-4.14.10/ ] Its running over 
> > Roky Linux and it's on a trust relationship with IdM. 
> > 
> > 
> > 
> > Thanks. So this is a build with embedded Heimdal Kerberos version and a 
> > relatively old one. 
> > 
> > This sounds like a bug worth opening Samba upstream. There is nothing 
> > specific to FreeIPA in this communication, though. What happens is that 
> > a Kerberos client (in this case kpasswd) attempts to change a password 
> > and fails when expecting a response on Kerberos level from Samba AD DC. 
> > 
> > It may be mix of expectations between kpasswd from MIT Kerberos (on 
> > Rocky) and Heimdal (embedded in Samba AD DC), but to fix it you'd need 
> > to talk to Samba AD developers. 
> > 
> > Please open a bug at bugzilla.samba.org, attach this capture and 
> > kpasswd trace logs. Also please provide details to what Samba build is 
> > this in the bug report. 
> > 
> > Prior doing that, may be try an upgrade to Samba 4.15.5 which is 
> > available in the same repositories from Tranquil IT. 
> > (https://samba.tranquil.it/redhat8/). 
> > 
> > 
> > BQ_BEGIN
> > 
> > 
> > Regards, 
> > 
> > Lic. Mateo Duffour 
> > Unidad Informática 
> > 2901.40.91 
> > 
> > [ 
> > http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay
> >  | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] 
> > [ http://www.fnr.gub.uy/ | ] 
> > 
> > 
> > 
> > No me imprimas si no es necesario. Protejamos el medio ambiente. Este 
> > mensaje y la información adjunta al mismo está dirigido exclusivamente a su 
> > destinatario. Puede contener información confidencial, privilegiada o de 
> > uso restringido, protegida por las normas. Si Ud. recibió este e-mail por 
> > error, por favor, sírvase notificarle a quien se lo envió y borrar el 
> > original. Cualquier otro uso del e-mail por Ud. está prohibido. 
> > 
> > 
> > From: "Alexander Bokovoy" <aboko...@redhat.com> 
> > To: "Mateo Duffour" <mduff...@fnr.gub.uy> 
> > Cc: "Sumit Bose" <sb...@redhat.com>, "freeipa-users" 
> > <freeipa-users@lists.fedorahosted.org>, "tizo" <tiz...@gmail.com> 
> > Sent: Friday, 11 March, 2022 14:07:58 
> > Subject: Re: [Freeipa-users] Re: IdM with trust relationship with Samba AD 
> > DC - User accounts with passwords expired 
> > 
> > On pe, 11 maalis 2022, Mateo Duffour wrote: 
> > 
> > 
> > Hi, 
> > 
> > I've send the network capture attached, it was made with tcpdump in the 
> > IdM server to the Samba AD DC server, while trying to log in with ssh 
> > with user5. 
> > 
> > 
> > 
> > Hi, 
> > 
> > can you give more details about this Samba AD DC installation? What 
> > Samba version is that? How was it built? 
> > 
> > 
> > 
> > 
> > BQ_BEGIN 
> > 
> > Regards, 
> > 
> > Lic. Mateo Duffour 
> > Unidad Informática 
> > 2901.40.91 
> > 
> > [ 
> > http://maps.apple.com/?q=18%20de%20julio%20985%20-%20Piso%204,Montevideo,Uruguay
> >  | 18 de julio 985 - Piso 3, Montevideo, Uruguay ] 
> > [ http://www.fnr.gub.uy/ | ] 
> > 
> > 
> > 
> > No me imprimas si no es necesario. Protejamos el medio ambiente. Este 
> > mensaje y la información adjunta al mismo está dirigido exclusivamente a su 
> > destinatario. Puede contener información confidencial, privilegiada o de 
> > uso restringido, protegida por las normas. Si Ud. recibió este e-mail por 
> > error, por favor, sírvase notificarle a quien se lo envió y borrar el 
> > original. Cualquier otro uso del e-mail por Ud. está prohibido. 
> > 
> > 
> > From: "tizo" <tiz...@gmail.com> 
> > To: "freeipa-users" <freeipa-users@lists.fedorahosted.org> 
> > Cc: "Mateo Duffour" <mduff...@fnr.gub.uy>, "Alexander Bokovoy" 
> > <aboko...@redhat.com>, "Sumit Bose" <sb...@redhat.com> 
> > Sent: Friday, 11 March, 2022 11:38:50 
> > Subject: Re: [Freeipa-users] Re: IdM with trust relationship with Samba AD 
> > DC - User accounts with passwords expired 
> > 
> > 
> > 
> > 
> > Hi, 
> > 
> > this is still the same pattern. Would it be possible to get a network 
> > trace to better understand how the KDC reply looks like and what might 
> > not be as expected by libkrb5? 
> > 
> > Additionally, can you try to set the password for the user with the 
> > expired password with 
> > 
> > KRB5_TRACE=/dev/stdout kpasswd usu5@ADTEST..... 
> > 
> > and send the output? 
> > 
> > bye, 
> > Sumit 
> > 
> > 
> > 
> > 
> > 
> > Hi there. I work with Mateo. We are sending the network capture in some 
> > minutes, but to get ahead I am sending the other test: 
> > 
> > # KRB5_TRACE=/dev/stdout kpasswd u...@adtest.xxx.xxx.xx 
> > [47521] 1647008539.753136: Getting initial credentials for 
> > u...@adtest.xxx.xxx.xx 
> > [47521] 1647008539.753137: FAST armor ccache: KCM:0:84390 
> > [47521] 1647008539.753138: Retrieving 
> > host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> > krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.XXX.XXX.XX\@ADTEST.XXX.XXX.XX@X-CACHECONF:
> >  from KCM:0:84390 with result: -1765328243/Matching credential not found 
> > [47521] 1647008539.753139: Setting initial creds service to kadmin/changepw 
> > [47521] 1647008539.753140: FAST armor ccache: KCM:0:84390 
> > [47521] 1647008539.753141: Retrieving 
> > host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> > krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.XXX.XXX.XX\@ADTEST.XXX.XXX.XX@X-CACHECONF:
> >  from KCM:0:84390 with result: -1765328243/Matching credential not found 
> > [47521] 1647008539.753143: Sending unauthenticated request 
> > [47521] 1647008539.753144: Sending request (179 bytes) to ADTEST.XXX.XXX.XX 
> > [47521] 1647008539.753145: Initiating TCP connection to stream [ 
> > http://10.2.100.4:88/ | 10.2.100.4:88 ] 
> > [47521] 1647008540.776855: Initiating TCP connection to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008540.776856: Sending TCP request to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008540.776857: Received answer (278 bytes) from stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008540.776858: Terminating TCP connection to stream [ 
> > http://10.2.100.4:88/ | 10.2.100.4:88 ] 
> > [47521] 1647008540.776859: Terminating TCP connection to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008540.776860: Response was from master KDC 
> > [47521] 1647008540.776861: Received error from KDC: -1765328359/Additional 
> > pre-authentication required 
> > [47521] 1647008540.776864: Preauthenticating using KDC method data 
> > [47521] 1647008540.776865: Processing preauth types: PA-PK-AS-REQ (16), 
> > PA-PK-AS-REP_OLD (15), PA-ENC-TIMESTAMP (2), PA-ETYPE-INFO2 (19) 
> > [47521] 1647008540.776866: Selected etype info: etype aes256-cts, salt 
> > "ADTEST.XXX.XXX.XXusu5", params "\x00\x00\x10\x00" 
> > [47521] 1647008540.776867: PKINIT client has no configured identity; giving 
> > up 
> > [47521] 1647008540.776868: PKINIT client has no configured identity; giving 
> > up 
> > [47521] 1647008540.776869: Preauth module pkinit (16) (real) returned: 
> > 22/Invalid argument 
> > Password for u...@adtest.xxx.xxx.xx: 
> > [47521] 1647008555.456745: AS key obtained for encrypted timestamp: 
> > aes256-cts/0DAE 
> > [47521] 1647008555.456747: Encrypted timestamp (for 1647008555.462202): 
> > plain 301AA011180F32303232303331313134323233355AA1050203070D7A, encrypted 
> > 588F164716268F95639456AEE7589886245643006D4F7B630289E1E745736D8B9037356B398C63F122292C02AAB12E25883A00C2E266E84C
> >  
> > [47521] 1647008555.456748: Preauth module encrypted_timestamp (2) (real) 
> > returned: 0/Success 
> > [47521] 1647008555.456749: Produced preauth for next request: 
> > PA-ENC-TIMESTAMP (2) 
> > [47521] 1647008555.456750: Sending request (257 bytes) to ADTEST.XXX.XXX.XX 
> > [47521] 1647008555.456751: Initiating TCP connection to stream [ 
> > http://10.2.100.4:88/ | 10.2.100.4:88 ] 
> > [47521] 1647008556.458248: Initiating TCP connection to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008556.458249: Sending TCP request to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008556.458250: Received answer (1438 bytes) from stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008556.458251: Terminating TCP connection to stream [ 
> > http://10.2.100.4:88/ | 10.2.100.4:88 ] 
> > [47521] 1647008556.458252: Terminating TCP connection to stream [ 
> > http://10.2.100.3:88/ | 10.2.100.3:88 ] 
> > [47521] 1647008556.458253: Response was from master KDC 
> > [47521] 1647008556.458254: Processing preauth types: PA-PW-SALT (3) 
> > [47521] 1647008556.458255: Received salt "ADTEST.XXX.XXX.XXusu5" via padata 
> > type PA-PW-SALT (3) 
> > [47521] 1647008556.458256: Produced preauth for next request: (empty) 
> > [47521] 1647008556.458257: AS key determined by preauth: aes256-cts/0DAE 
> > [47521] 1647008556.458258: Decrypted AS reply; session key is: 
> > aes256-cts/35D9 
> > [47521] 1647008556.458259: FAST negotiation: unavailable 
> > kpasswd: KDC reply did not match expectations getting initial ticket 
> > 
> > FYI, I have tried the same test with a user WITHOUT expired password, and 
> > it does not work either, and the log is exactly the same. Indeed, when I 
> > log in with ssh with this user, I cannot change the password too: 
> > 
> > $ passwd 
> > Changing password for user u...@adtest.xxx.xx.xx. 
> > Current Password: 
> > Password change failed. Server message: Old password not accepted. 
> > passwd: Authentication token manipulation error 
> > 
> > Thanks very much. 
> > 
> > 
> > 
> > 
> > 
> > BQ_END 
> > 
> > -- 
> > / Alexander Bokovoy 
> > Sr. Principal Software Engineer 
> > Security / Identity Management Engineering 
> > Red Hat Limited, Finland 
> > 
> > 
> > 
> > 
> > BQ_END
> > 
> > -- 
> > / Alexander Bokovoy 
> > Sr. Principal Software Engineer 
> > Security / Identity Management Engineering 
> > Red Hat Limited, Finland 
> >

> (2022-04-11 10:13:19): [krb5_child[10339]] [main] (0x0400): krb5_child 
> started.
> (2022-04-11 10:13:19): [krb5_child[10339]] [unpack_buffer] (0x1000): total 
> buffer size: [102]
> (2022-04-11 10:13:19): [krb5_child[10339]] [unpack_buffer] (0x0100): cmd [249 
> (pre-auth)] uid [10107] gid [10107] validate [true] enterprise principal 
> [false] offline [false] UPN [u...@adtest.xxx.xxx.xx]
> (2022-04-11 10:13:19): [krb5_child[10339]] [unpack_buffer] (0x0100): ccname: 
> [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab]
> (2022-04-11 10:13:19): [krb5_child[10339]] [k5c_setup_fast] (0x0100): Fast 
> principal is set to [host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx]
> (2022-04-11 10:13:19): [krb5_child[10339]] [find_principal_in_keytab] 
> (0x4000): Trying to find principal 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx in keytab.
> (2022-04-11 10:13:19): [krb5_child[10339]] [match_principal] (0x1000): 
> Principal matched to the sample 
> (host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx).
> (2022-04-11 10:13:19): [krb5_child[10340]] [become_user] (0x0200): Trying to 
> become user [0][0].
> (2022-04-11 10:13:19): [krb5_child[10340]] [become_user] (0x0200): Already 
> user [0].
> (2022-04-11 10:13:19): [krb5_child[10340]] [check_fast_ccache] (0x2000): 
> Running as [0][0].
> (2022-04-11 10:13:19): [krb5_child[10340]] [set_canonicalize_option] 
> (0x0100): Canonicalization is set to [true]
> (2022-04-11 10:13:19): [krb5_child[10340]] [create_ccache] (0x4000): 
> Initializing ccache of type [FILE]
> (2022-04-11 10:13:19): [krb5_child[10340]] [create_ccache] (0x4000): 
> returning: 0
> (2022-04-11 10:13:19): [krb5_child[10339]] [check_fast_ccache] (0x0200): FAST 
> TGT was successfully recreated!
> (2022-04-11 10:13:19): [krb5_child[10339]] [become_user] (0x0200): Trying to 
> become user [10107][10107].
> (2022-04-11 10:13:19): [krb5_child[10339]] [main] (0x2000): Running as 
> [10107][10107].
> (2022-04-11 10:13:19): [krb5_child[10339]] [set_lifetime_options] (0x0100): 
> No specific renewable lifetime requested.
> (2022-04-11 10:13:19): [krb5_child[10339]] [set_lifetime_options] (0x0100): 
> No specific lifetime requested.
> (2022-04-11 10:13:19): [krb5_child[10339]] [set_canonicalize_option] 
> (0x0100): Canonicalization is set to [true]
> (2022-04-11 10:13:19): [krb5_child[10339]] [main] (0x0400): Will perform 
> pre-auth
> (2022-04-11 10:13:19): [krb5_child[10339]] [tgt_req_child] (0x1000): 
> Attempting to get a TGT
> (2022-04-11 10:13:19): [krb5_child[10339]] [get_and_save_tgt] (0x0400): 
> Attempting kinit for realm [ADTEST.xxx.xxx.xx]
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417579: Getting initial credentials for 
> u...@adtest.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417580: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417581: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417583: Sending unauthenticated request
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417584: Sending request (188 bytes) to 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417585: Initiating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417586: Sending TCP request to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417587: Received answer (323 bytes) from stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417588: Terminating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417589: Response was from master KDC
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417590: Received error from KDC: 
> -1765328359/Additional pre-authentication required
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417591: Upgrading to FAST due to presence of 
> PA_FX_FAST in reply
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417592: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417593: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417594: Getting credentials 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx using ccache 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417595: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/start_realm@X-CACHECONF: from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417596: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417597: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417598: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 0/Success
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417599: Starting with TGT for client realm: 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417600: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417601: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417602: Generated subkey for TGS request: 
> aes256-cts/8B9E
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417603: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417605: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417606: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417607: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417608: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417609: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417610: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417611: Response was from master KDC
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417612: Decoding FAST response
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417613: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417614: Trying next closer realm in path: 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417615: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417616: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417617: Generated subkey for TGS request: 
> aes256-cts/F32C
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417618: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417620: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417621: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417622: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417623: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417624: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417625: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417626: Response was from master KDC
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417627: Decoding FAST response
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [sss_child_krb5_trace_cb] 
> (0x4000): [10339] 1649682799.417628: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:19): [krb5_child[10339]] [get_and_save_tgt] (0x0400): 
> krb5_get_init_creds_password returned [-1765328377] during pre-auth.
> (2022-04-11 10:13:19): [krb5_child[10339]] [k5c_send_data] (0x0200): Received 
> error code 0
> (2022-04-11 10:13:19): [krb5_child[10339]] [pack_response_packet] (0x2000): 
> response packet size: [4]
> (2022-04-11 10:13:19): [krb5_child[10339]] [k5c_send_data] (0x4000): Response 
> sent.
> (2022-04-11 10:13:19): [krb5_child[10339]] [main] (0x0400): krb5_child 
> completed successfully
> (2022-04-11 10:13:32): [krb5_child[10343]] [main] (0x0400): krb5_child 
> started.
> (2022-04-11 10:13:32): [krb5_child[10343]] [unpack_buffer] (0x1000): total 
> buffer size: [119]
> (2022-04-11 10:13:32): [krb5_child[10343]] [unpack_buffer] (0x0100): cmd [241 
> (auth)] uid [10107] gid [10107] validate [true] enterprise principal [false] 
> offline [false] UPN [u...@adtest.xxx.xxx.xx]
> (2022-04-11 10:13:32): [krb5_child[10343]] [unpack_buffer] (0x0100): ccname: 
> [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab]
> (2022-04-11 10:13:32): [krb5_child[10343]] [switch_creds] (0x0200): Switch 
> user to [10107][10107].
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_krb5_cc_verify_ccache] 
> (0x2000): TGT not found or expired.
> (2022-04-11 10:13:32): [krb5_child[10343]] [switch_creds] (0x0200): Switch 
> user to [0][0].
> (2022-04-11 10:13:32): [krb5_child[10343]] [k5c_check_old_ccache] (0x4000): 
> Ccache_file is [KCM:] and is not active and TGT is  valid.
> (2022-04-11 10:13:32): [krb5_child[10343]] [k5c_precreate_ccache] (0x4000): 
> Recreating ccache
> (2022-04-11 10:13:32): [krb5_child[10343]] [k5c_setup_fast] (0x0100): Fast 
> principal is set to [host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx]
> (2022-04-11 10:13:32): [krb5_child[10343]] [find_principal_in_keytab] 
> (0x4000): Trying to find principal 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx in keytab.
> (2022-04-11 10:13:32): [krb5_child[10343]] [match_principal] (0x1000): 
> Principal matched to the sample 
> (host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx).
> (2022-04-11 10:13:32): [krb5_child[10343]] [check_fast_ccache] (0x0200): FAST 
> TGT is still valid.
> (2022-04-11 10:13:32): [krb5_child[10343]] [become_user] (0x0200): Trying to 
> become user [10107][10107].
> (2022-04-11 10:13:32): [krb5_child[10343]] [main] (0x2000): Running as 
> [10107][10107].
> (2022-04-11 10:13:32): [krb5_child[10343]] [set_lifetime_options] (0x0100): 
> No specific renewable lifetime requested.
> (2022-04-11 10:13:32): [krb5_child[10343]] [set_lifetime_options] (0x0100): 
> No specific lifetime requested.
> (2022-04-11 10:13:32): [krb5_child[10343]] [set_canonicalize_option] 
> (0x0100): Canonicalization is set to [true]
> (2022-04-11 10:13:32): [krb5_child[10343]] [main] (0x0400): Will perform auth
> (2022-04-11 10:13:32): [krb5_child[10343]] [main] (0x0400): Will perform 
> online auth
> (2022-04-11 10:13:32): [krb5_child[10343]] [tgt_req_child] (0x1000): 
> Attempting to get a TGT
> (2022-04-11 10:13:32): [krb5_child[10343]] [get_and_save_tgt] (0x0400): 
> Attempting kinit for realm [ADTEST.xxx.xxx.xx]
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847088: Getting initial credentials for 
> u...@adtest.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847089: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847090: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847092: Sending unauthenticated request
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847093: Sending request (188 bytes) to 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847094: Initiating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847095: Sending TCP request to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847096: Received answer (323 bytes) from stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847097: Terminating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847098: Response was from master KDC
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847099: Received error from KDC: 
> -1765328359/Additional pre-authentication required
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847100: Upgrading to FAST due to presence of 
> PA_FX_FAST in reply
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847101: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847102: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847103: Getting credentials 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx using ccache 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847104: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/start_realm@X-CACHECONF: from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847105: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847106: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847107: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 0/Success
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847108: Starting with TGT for client realm: 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847109: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847110: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847111: Generated subkey for TGS request: 
> aes256-cts/6875
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847112: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847114: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847115: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847116: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847117: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847118: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847119: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847120: Response was from master KDC
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847121: Decoding FAST response
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847122: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847123: Trying next closer realm in path: 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847124: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847125: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847126: Generated subkey for TGS request: 
> aes256-cts/9132
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847127: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847129: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847130: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847131: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847132: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847133: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847134: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847135: Response was from master KDC
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847136: Decoding FAST response
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [sss_child_krb5_trace_cb] 
> (0x4000): [10343] 1649682812.847137: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:32): [krb5_child[10343]] [get_and_save_tgt] (0x0020): 1724: 
> [-1765328377][Error constructing AP-REQ armor: Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database]
> (2022-04-11 10:13:32): [krb5_child[10343]] [map_krb5_error] (0x0020): 1853: 
> [-1765328377][Error constructing AP-REQ armor: Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database]
> (2022-04-11 10:13:32): [krb5_child[10343]] [k5c_send_data] (0x0200): Received 
> error code 1432158209
> (2022-04-11 10:13:32): [krb5_child[10343]] [pack_response_packet] (0x2000): 
> response packet size: [4]
> (2022-04-11 10:13:32): [krb5_child[10343]] [k5c_send_data] (0x4000): Response 
> sent.
> (2022-04-11 10:13:32): [krb5_child[10343]] [main] (0x0400): krb5_child 
> completed successfully
> (2022-04-11 10:13:34): [krb5_child[10348]] [main] (0x0400): krb5_child 
> started.
> (2022-04-11 10:13:34): [krb5_child[10348]] [unpack_buffer] (0x1000): total 
> buffer size: [102]
> (2022-04-11 10:13:34): [krb5_child[10348]] [unpack_buffer] (0x0100): cmd [249 
> (pre-auth)] uid [10107] gid [10107] validate [true] enterprise principal 
> [false] offline [false] UPN [u...@adtest.xxx.xxx.xx]
> (2022-04-11 10:13:34): [krb5_child[10348]] [unpack_buffer] (0x0100): ccname: 
> [KCM:] old_ccname: [KCM:] keytab: [/etc/krb5.keytab]
> (2022-04-11 10:13:34): [krb5_child[10348]] [k5c_setup_fast] (0x0100): Fast 
> principal is set to [host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx]
> (2022-04-11 10:13:34): [krb5_child[10348]] [find_principal_in_keytab] 
> (0x4000): Trying to find principal 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx in keytab.
> (2022-04-11 10:13:34): [krb5_child[10348]] [match_principal] (0x1000): 
> Principal matched to the sample 
> (host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx).
> (2022-04-11 10:13:34): [krb5_child[10348]] [check_fast_ccache] (0x0200): FAST 
> TGT is still valid.
> (2022-04-11 10:13:34): [krb5_child[10348]] [become_user] (0x0200): Trying to 
> become user [10107][10107].
> (2022-04-11 10:13:34): [krb5_child[10348]] [main] (0x2000): Running as 
> [10107][10107].
> (2022-04-11 10:13:34): [krb5_child[10348]] [set_lifetime_options] (0x0100): 
> No specific renewable lifetime requested.
> (2022-04-11 10:13:34): [krb5_child[10348]] [set_lifetime_options] (0x0100): 
> No specific lifetime requested.
> (2022-04-11 10:13:34): [krb5_child[10348]] [set_canonicalize_option] 
> (0x0100): Canonicalization is set to [true]
> (2022-04-11 10:13:34): [krb5_child[10348]] [main] (0x0400): Will perform 
> pre-auth
> (2022-04-11 10:13:34): [krb5_child[10348]] [tgt_req_child] (0x1000): 
> Attempting to get a TGT
> (2022-04-11 10:13:34): [krb5_child[10348]] [get_and_save_tgt] (0x0400): 
> Attempting kinit for realm [ADTEST.xxx.xxx.xx]
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673946: Getting initial credentials for 
> u...@adtest.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673947: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673948: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673950: Sending unauthenticated request
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673951: Sending request (188 bytes) to 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673952: Initiating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673953: Sending TCP request to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673954: Received answer (323 bytes) from stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673955: Terminating TCP connection to stream 
> 10.2.100.3:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673956: Response was from master KDC
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673957: Received error from KDC: 
> -1765328359/Additional pre-authentication required
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673958: Upgrading to FAST due to presence of 
> PA_FX_FAST in reply
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673959: FAST armor ccache: 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673960: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/fast_avail/krbtgt\/ADTEST.xxx.xxx.xx\@ADTEST.xxx.xxx.xx@X-CACHECONF:
>  from MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673961: Getting credentials 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx using ccache 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673962: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krb5_ccache_conf_data/start_realm@X-CACHECONF: from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673963: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673964: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673965: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 0/Success
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673966: Starting with TGT for client realm: 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673967: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673968: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673969: Generated subkey for TGS request: 
> aes256-cts/3A50
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673970: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673972: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673973: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673974: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673975: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673976: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673977: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673978: Response was from master KDC
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673979: Decoding FAST response
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673980: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673981: Trying next closer realm in path: 
> ADTEST.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673982: Retrieving 
> host/idmsrvpru.idmpru.xxx.xxx...@idmpru.xxx.xxx.xx -> 
> krbtgt/adtest.xxx.xxx...@adtest.xxx.xxx.xx from 
> MEMORY:/var/lib/sss/db/fast_ccache_IDMPRU.xxx.xxx.xx with result: 
> -1765328243/Matching credential not found
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673983: Requesting TGT 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx using TGT 
> krbtgt/idmpru.xxx.xxx...@idmpru.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673984: Generated subkey for TGS request: 
> aes256-cts/625C
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673985: etypes requested in TGS request: 
> aes256-cts, aes256-sha2, camellia256-cts, aes128-cts, aes128-sha2, 
> camellia128-cts
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673987: Encoding request body and padata into 
> FAST request
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673988: Sending request (2074 bytes) to 
> IDMPRU.xxx.xxx.xx
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673989: Initiating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673990: Sending TCP request to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673991: Received answer (510 bytes) from stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673992: Terminating TCP connection to stream 
> 10.2.100.2:88
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673993: Response was from master KDC
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673994: Decoding FAST response
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [sss_child_krb5_trace_cb] 
> (0x4000): [10348] 1649682814.673995: TGS request result: -1765328377/Server 
> krbtgt/adtest.xxx.xxx...@idmpru.xxx.xxx.xx not found in Kerberos database
> 
> (2022-04-11 10:13:34): [krb5_child[10348]] [get_and_save_tgt] (0x0400): 
> krb5_get_init_creds_password returned [-1765328377] during pre-auth.
> (2022-04-11 10:13:34): [krb5_child[10348]] [k5c_send_data] (0x0200): Received 
> error code 0
> (2022-04-11 10:13:34): [krb5_child[10348]] [pack_response_packet] (0x2000): 
> response packet size: [4]
> (2022-04-11 10:13:34): [krb5_child[10348]] [k5c_send_data] (0x4000): Response 
> sent.
> (2022-04-11 10:13:34): [krb5_child[10348]] [main] (0x0400): krb5_child 
> completed successfully
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to