On Tue, May 3, 2022 at 9:18 AM tizo <tiz...@gmail.com> wrote: > > On Tue, May 3, 2022 at 2:43 AM Sumit Bose <sb...@redhat.com> wrote: > > > > Am Mon, May 02, 2022 at 03:15:05PM -0300 schrieb tizo: > > > On Mon, May 2, 2022 at 2:36 PM Sumit Bose <sb...@redhat.com> wrote: > > > > > > > > Am Mon, May 02, 2022 at 12:32:34PM -0300 schrieb tizo: > > > > > On Mon, May 2, 2022 at 11:56 AM Sumit Bose <sb...@redhat.com> wrote: > > > > > > > > > > > > Am Mon, May 02, 2022 at 11:39:40AM -0300 schrieb tizo: > > > > > > > > Hi, > > > > > > > > > > > > > > > > thanks, at least I received your email. Can you run the tests > > > > > > > > with > > > > > > > > "krb5_use_fast = never" and "krb5_use_enterprise_principal = > > > > > > > > True" again > > > > > > > > but with 'debug_level = 9' in the [domain/...] section of > > > > > > > > sssd.conf. > > > > > > > > This will add some additional information into krb5_child.log > > > > > > > > which > > > > > > > > might help to understand why the client does not like the reply > > > > > > > > from the > > > > > > > > DC. > > > > > > > > > > > > > > > > bye, > > > > > > > > Sumit > > > > > > > > > > > > > > > > > > > > > > I cleared all the logs and ran the tests again with those > > > > > > > parameters. > > > > > > > I am sending the logs. Thanks! > > > > > > > > > > > > Hi, > > > > > > > > > > > > can you try if you can change the password with 'kapsswd > > > > > > u...@adtest.fnr.gub.uy'? I guess it will fail as well. Can you take > > > > > > a > > > > > > network trace of this command with tcpdump and send it as well? > > > > > > > > > > > > bye, > > > > > > Sumit > > > > > > > > > > > > > > > > It fails, and with kinit too: > > > > > > > > > > [root@idmt01 tmp]# kinit u...@adtest.fnr.gub.uy > > > > > Password for u...@adtest.fnr.gub.uy: > > > > > kinit: KDC reply did not match expectations while getting initial > > > > > credentials > > > > > [root@idmt01 tmp]# kpasswd u...@adtest.fnr.gub.uy > > > > > Password for u...@adtest.fnr.gub.uy: > > > > > kpasswd: KDC reply did not match expectations getting initial ticket > > > > > > > > > > I am sending tcpdump captures while trying with kpasswd. There are > > > > > two, as there are two Samba DC (smbtest.adtest.fnr.gub.uy and > > > > > smbtest02.adtest.fnr.gub.uy), but I think that the first one replied > > > > > in this case. > > > > > > > > Hi, > > > > > > > > can you send the output of > > > > > > > > KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy > > > > > > > > as well and your /etc/krb5.conf? > > > > Hi, > > > > thanks. Can you try to remove the krb5-pkinit package and run > > > > KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy > > > > again while collecting the network trace and the debug output? > > > > bye, > > Sumit > > > > If I try to remove it, it tries to remove 301 packages. A lot of them > are unused dependencies, but some ipa packages are dependent packages > (ipa-healthcheck, ipa-server, ipa-server-dns, ipa-server-trust-ad). > Here is the whole situation: > > [root@idmt01 ~]# dnf remove krb5-pkinit > Dependencies resolved. > ============================================================================================================================================================================================================ > Package Architecture > Version > Repository Size > ============================================================================================================================================================================================================ > Removing: > krb5-pkinit x86_64 > 1.18.2-14.el8 > @baseos 131 k > Removing dependent packages: > ipa-healthcheck noarch > 0.7-6.module+el8.5.0+675+61f67439 > @appstream 290 k > ipa-server x86_64 > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 1.1 M > ipa-server-dns noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 91 k > ipa-server-trust-ad x86_64 > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 340 k > Removing unused dependencies: > 389-ds-base x86_64 > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > @appstream 9.2 M > 389-ds-base-libs x86_64 > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > @appstream 4.3 M > ant noarch > 1.10.5-1.module+el8.3.0+255+2b2dd360 > @appstream 451 k > ant-lib noarch > 1.10.5-1.module+el8.3.0+255+2b2dd360 > @appstream 2.2 M > apache-commons-cli noarch > 1.4-4.module+el8.3.0+133+b8b54b58 > @appstream 91 k > apache-commons-codec noarch > 1.11-3.module+el8.3.0+133+b8b54b58 > @appstream 361 k > apache-commons-io noarch > 1:2.6-3.module+el8.3.0+133+b8b54b58 > @appstream 281 k > apache-commons-lang3 noarch > 3.7-3.module+el8.3.0+133+b8b54b58 > @appstream 580 k > apache-commons-logging noarch > 1.2-13.module+el8.3.0+133+b8b54b58 > @appstream 180 k > apache-commons-net noarch > 3.6-3.module+el8.3.0+53+ea062990 > @appstream 340 k > apr x86_64 > 1.6.3-12.el8 > @appstream 272 k > apr-util x86_64 > 1.6.1-6.el8.1 > @appstream 217 k > apr-util-bdb x86_64 > 1.6.1-6.el8.1 > @appstream 11 k > apr-util-openssl x86_64 > 1.6.1-6.el8.1 > @appstream 20 k > atk x86_64 > 2.28.1-1.el8 > @appstream 1.2 M > augeas-libs x86_64 > 1.12.0-6.el8 > @baseos 1.3 M > autofs x86_64 > 1:5.1.4-74.el8 > @baseos 2.8 M > bash-completion noarch > 1:2.7-5.el8 > @baseos 895 k > bea-stax-api noarch > 1.2.0-16.module+el8.3.0+53+ea062990 > @appstream 39 k > bind x86_64 > 32:9.11.26-6.el8 > @appstream 4.5 M > bind-dyndb-ldap x86_64 > 11.6-2.module+el8.4.0+429+6bd33fea > @appstream 313 k > bind-pkcs11 x86_64 > 32:9.11.26-6.el8 > @appstream 839 k > bind-pkcs11-libs x86_64 > 32:9.11.26-6.el8 > @appstream 2.9 M > bind-pkcs11-utils x86_64 > 32:9.11.26-6.el8 > @appstream 648 k > cairo x86_64 > 1.15.12-3.el8 > @appstream 1.7 M > certmonger x86_64 > 0.79.13-3.el8 > @appstream 2.9 M > checkpolicy x86_64 > 2.9-1.el8 > @baseos 1.3 M > copy-jdk-configs noarch > 4.0-2.el8 > @appstream 19 k > custodia noarch > 0.6.0-3.module+el8.4.0+429+6bd33fea > @appstream 55 k > cyrus-sasl-gssapi x86_64 > 2.1.27-6.el8_5 > @baseos 41 k > cyrus-sasl-md5 x86_64 > 2.1.27-6.el8_5 > @baseos 86 k > cyrus-sasl-plain x86_64 > 2.1.27-6.el8_5 > @baseos 45 k > fontawesome-fonts noarch > 4.7.0-4.el8 > @appstream 297 k > fontconfig x86_64 > 2.13.1-4.el8 > @baseos 694 k > fontpackages-filesystem noarch > 1.44-22.el8 > @baseos 0 > fribidi x86_64 > 1.0.4-8.el8 > @appstream 312 k > gdk-pixbuf2 x86_64 > 2.36.12-5.el8 > @baseos 2.5 M > gdk-pixbuf2-modules x86_64 > 2.36.12-5.el8 > @appstream 269 k > giflib x86_64 > 5.1.4-3.el8 > @appstream 100 k > glassfish-fastinfoset noarch > 1.2.13-9.module+el8.3.0+53+ea062990 > @appstream 395 k > glassfish-jaxb-api noarch > 2.2.12-8.module+el8.3.0+53+ea062990 > @appstream 115 k > glassfish-jaxb-core noarch > 2.2.11-11.module+el8.3.0+53+ea062990 > @appstream 236 k > glassfish-jaxb-runtime noarch > 2.2.11-11.module+el8.3.0+53+ea062990 > @appstream 1.1 M > glassfish-jaxb-txw2 noarch > 2.2.11-11.module+el8.3.0+53+ea062990 > @appstream 153 k > graphite2 x86_64 > 1.3.10-10.el8 > @appstream 247 k > gssproxy x86_64 > 0.8.0-19.el8 > @baseos 262 k > gtk-update-icon-cache x86_64 > 3.22.30-8.el8 > @appstream 59 k > gtk2 x86_64 > 2.24.32-5.el8 > @appstream 13 M > harfbuzz x86_64 > 1.7.5-3.el8 > @appstream 724 k > hicolor-icon-theme noarch > 0.17-2.el8 > @appstream 72 k > httpcomponents-client noarch > 4.5.5-4.module+el8.3.0+133+b8b54b58 > @appstream 915 k > httpcomponents-core noarch > 4.4.10-3.module+el8.3.0+133+b8b54b58 > @appstream 1.1 M > httpd x86_64 > 2.4.37-43.module+el8.5.0+747+83fae388.3 > @appstream 4.3 M > httpd-filesystem noarch > 2.4.37-43.module+el8.5.0+747+83fae388.3 > @appstream 400 > httpd-tools x86_64 > 2.4.37-43.module+el8.5.0+747+83fae388.3 > @appstream 194 k > ipa-client x86_64 > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 260 k > ipa-client-common noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 47 k > ipa-common noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 3.9 M > ipa-selinux noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 16 k > ipa-server-common noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 2.3 M > istack-commons-runtime noarch > 2.21-9.el8 > @appstream 63 k > jackson-annotations noarch > 2.10.0-1.module+el8.3.0+53+ea062990 > @appstream 82 k > jackson-core noarch > 2.10.0-1.module+el8.3.0+53+ea062990 > @appstream 376 k > jackson-databind noarch > 2.10.0-1.module+el8.3.0+53+ea062990 > @appstream 1.5 M > jackson-jaxrs-json-provider noarch > 2.9.9-1.module+el8.3.0+53+ea062990 > @appstream 20 k > jackson-jaxrs-providers noarch > 2.9.9-1.module+el8.3.0+53+ea062990 > @appstream 47 k > jackson-module-jaxb-annotations noarch > 2.7.6-4.module+el8.3.0+53+ea062990 > @appstream 47 k > jasper-libs x86_64 > 2.0.14-5.el8 > @appstream 363 k > java-1.8.0-openjdk x86_64 > 1:1.8.0.322.b06-2.el8_5 > @appstream 841 k > java-1.8.0-openjdk-devel x86_64 > 1:1.8.0.322.b06-2.el8_5 > @appstream 41 M > java-1.8.0-openjdk-headless x86_64 > 1:1.8.0.322.b06-2.el8_5 > @appstream 117 M > javapackages-filesystem noarch > 5.3.0-2.module+el8.3.0+125+5da1ae29 > @appstream 1.9 k > javapackages-tools noarch > 5.3.0-2.module+el8.3.0+125+5da1ae29 > @appstream 63 k > jbigkit-libs x86_64 > 2.1-14.el8 > @appstream 107 k > jboss-annotations-1.2-api noarch > 1.0.0-4.el8 > @appstream 64 k > jboss-jaxrs-2.0-api noarch > 1.0.0-6.el8 > @appstream 135 k > jboss-logging noarch > 3.3.0-5.el8 > @appstream 78 k > jboss-logging-tools noarch > 2.0.1-6.el8 > @appstream 197 k > jdeparser noarch > 2.0.0-5.el8 > @appstream 242 k > jss x86_64 > 4.9.1-1.module+el8.5.0+701+8dc610e5 > @appstream 1.5 M > keyutils x86_64 > 1.5.10-9.el8 > @baseos 118 k > krb5-server x86_64 > 1.18.2-14.el8 > @baseos 1.4 M > krb5-workstation x86_64 > 1.18.2-14.el8 > @baseos 3.3 M > ldapjdk noarch > 4.23.0-1.module+el8.5.0+701+8dc610e5 > @appstream 350 k > ldns x86_64 > 1.7.0-21.el8 > @appstream 418 k > libX11 x86_64 > 1.6.8-5.el8 > @appstream 1.3 M > libX11-common noarch > 1.6.8-5.el8 > @appstream 1.3 M > libXau x86_64 > 1.0.9-3.el8 > @appstream 60 k > libXcomposite x86_64 > 0.4.4-14.el8 > @appstream 35 k > libXcursor x86_64 > 1.1.15-3.el8 > @appstream 46 k > libXdamage x86_64 > 1.1.4-14.el8 > @appstream 29 k > libXext x86_64 > 1.3.4-1.el8 > @appstream 90 k > libXfixes x86_64 > 5.0.3-7.el8 > @appstream 27 k > libXft x86_64 > 2.3.3-1.el8 > @appstream 129 k > libXi x86_64 > 1.7.10-1.el8 > @appstream 73 k > libXinerama x86_64 > 1.1.4-1.el8 > @appstream 15 k > libXrandr x86_64 > 1.5.2-1.el8 > @appstream 48 k > libXrender x86_64 > 0.9.10-7.el8 > @appstream 47 k > libXtst x86_64 > 1.2.3-7.el8 > @appstream 34 k > libdatrie x86_64 > 0.2.9-7.el8 > @appstream 59 k > libfontenc x86_64 > 1.1.3-8.el8 > @appstream 55 k > libipa_hbac x86_64 > 2.5.2-2.el8_5.4 > @baseos 58 k > libkadm5 x86_64 > 1.18.2-14.el8 > @baseos 219 k > libsss_simpleifp x86_64 > 2.5.2-2.el8_5.4 > @baseos 32 k > libthai x86_64 > 0.1.27-2.el8 > @appstream 751 k > libtiff x86_64 > 4.0.9-20.el8 > @appstream 506 k > libverto-libevent x86_64 > 0.3.0-5.el8 > @baseos 12 k > libxcb x86_64 > 1.13.1-1.el8 > @appstream 1.0 M > libxslt x86_64 > 1.1.32-6.el8 > @baseos 734 k > lksctp-tools x86_64 > 1.0.18-3.el8 > @baseos 246 k > lua x86_64 > 5.3.4-12.el8 > @appstream 553 k > mailcap noarch > 2.1.48-3.el8 > @baseos 71 k > mod_auth_gssapi x86_64 > 1.6.1-7.1.el8 > @appstream 177 k > mod_http2 x86_64 > 1.15.7-3.module+el8.5.0+695+1fa8055e > @appstream 394 k > mod_lookup_identity x86_64 > 1.0.0-4.el8 > @appstream 50 k > mod_session x86_64 > 2.4.37-43.module+el8.5.0+747+83fae388.3 > @appstream 112 k > mod_ssl x86_64 > 1:2.4.37-43.module+el8.5.0+747+83fae388.3 > @appstream 266 k > nfs-utils x86_64 > 1:2.3.3-46.el8 > @baseos 1.5 M > nspr x86_64 > 4.32.0-1.el8_4 > @appstream 310 k > nss x86_64 > 3.67.0-7.el8_5 > @appstream 2.0 M > nss-softokn x86_64 > 3.67.0-7.el8_5 > @appstream 1.9 M > nss-softokn-freebl x86_64 > 3.67.0-7.el8_5 > @appstream 792 k > nss-sysinit x86_64 > 3.67.0-7.el8_5 > @appstream 14 k > nss-tools x86_64 > 3.67.0-7.el8_5 > @appstream 2.3 M > nss-util x86_64 > 3.67.0-7.el8_5 > @appstream 220 k > oddjob x86_64 > 0.34.7-1.el8 > @appstream 162 k > oddjob-mkhomedir x86_64 > 0.34.7-1.el8 > @appstream 71 k > open-sans-fonts noarch > 1.10-6.el8 > @appstream 2.1 M > opencryptoki x86_64 > 3.16.0-7.el8_5 > @baseos 382 k > opencryptoki-icsftok x86_64 > 3.16.0-7.el8_5 > @baseos 809 k > opencryptoki-libs x86_64 > 3.16.0-7.el8_5 > @baseos 123 k > opendnssec x86_64 > 2.1.7-1.module+el8.4.0+429+6bd33fea > @appstream 1.7 M > openldap-clients x86_64 > 2.4.46-18.el8 > @baseos 612 k > openssl-perl x86_64 > 1:1.1.1k-6.el8_5 > @baseos 28 k > pango x86_64 > 1.42.4-8.el8 > @appstream 771 k > perl-Algorithm-Diff noarch > 1.1903-9.el8 > @baseos 108 k > perl-Archive-Tar noarch > 2.30-1.el8 > @baseos 151 k > perl-Carp noarch > 1.42-396.el8 > @baseos 41 k > perl-Compress-Raw-Bzip2 x86_64 > 2.081-1.el8 > @baseos 57 k > perl-Compress-Raw-Zlib x86_64 > 2.081-1.el8 > @baseos 143 k > perl-DB_File x86_64 > 1.842-1.el8 > @appstream 181 k > perl-Data-Dumper x86_64 > 2.167-399.el8 > @baseos 104 k > perl-Digest noarch > 1.17-395.el8 > @appstream 26 k > perl-Digest-MD5 x86_64 > 2.55-396.el8 > @appstream 55 k > perl-Encode x86_64 > 4:2.97-3.el8 > @baseos 9.7 M > perl-Errno x86_64 > 1.28-420.el8 > @baseos 9.3 k > perl-Exporter noarch > 5.72-396.el8 > @baseos 54 k > perl-File-Path noarch > 2.15-2.el8 > @baseos 63 k > perl-File-Temp noarch > 0.230.600-1.el8 > @baseos 161 k > perl-Getopt-Long noarch > 1:2.50-4.el8 > @baseos 136 k > perl-HTTP-Tiny noarch > 0.074-1.el8 > @baseos 146 k > perl-IO x86_64 > 1.38-420.el8 > @baseos 136 k > perl-IO-Compress noarch > 2.081-1.el8 > @baseos 792 k > perl-IO-Socket-IP noarch > 0.39-5.el8 > @appstream 97 k > perl-IO-Socket-SSL noarch > 2.066-4.module+el8.4.0+512+d4f0fc54 > @appstream 604 k > perl-IO-Zlib noarch > 1:1.10-420.el8 > @baseos 19 k > perl-MIME-Base64 x86_64 > 3.15-396.el8 > @baseos 40 k > perl-Mozilla-CA noarch > 20160104-7.module+el8.4.0+529+e3b3e624 > @appstream 5.6 k > perl-Net-SSLeay x86_64 > 1.88-1.module+el8.4.0+512+d4f0fc54 > @appstream 1.3 M > perl-PathTools x86_64 > 3.74-1.el8 > @baseos 178 k > perl-Pod-Escapes noarch > 1:1.07-395.el8 > @baseos 25 k > perl-Pod-Perldoc noarch > 3.28-396.el8 > @baseos 165 k > perl-Pod-Simple noarch > 1:3.35-395.el8 > @baseos 531 k > perl-Pod-Usage noarch > 4:1.69-395.el8 > @baseos 49 k > perl-Scalar-List-Utils x86_64 > 3:1.49-2.el8 > @baseos 121 k > perl-Socket x86_64 > 4:2.027-3.el8 > @baseos 121 k > perl-Storable x86_64 > 1:3.11-3.el8 > @baseos 216 k > perl-Term-ANSIColor noarch > 4.06-396.el8 > @baseos 88 k > perl-Term-Cap noarch > 1.17-395.el8 > @baseos 29 k > perl-Text-Diff noarch > 1.45-2.el8 > @baseos 84 k > perl-Text-ParseWords noarch > 3.30-395.el8 > @baseos 13 k > perl-Text-Tabs+Wrap noarch > 2013.0523-395.el8 > @baseos 24 k > perl-Time-Local noarch > 1:1.280-1.el8 > @baseos 59 k > perl-URI noarch > 1.73-3.el8 > @appstream 211 k > perl-Unicode-Normalize x86_64 > 1.25-396.el8 > @baseos 622 k > perl-constant noarch > 1.33-396.el8 > @baseos 26 k > perl-interpreter x86_64 > 4:5.26.3-420.el8 > @baseos 14 M > perl-libnet noarch > 3.11-3.el8 > @appstream 271 k > perl-libs x86_64 > 4:5.26.3-420.el8 > @baseos 5.8 M > perl-macros x86_64 > 4:5.26.3-420.el8 > @baseos 5.1 k > perl-parent noarch > 1:0.237-1.el8 > @baseos 9.0 k > perl-podlators noarch > 4.11-1.el8 > @baseos 281 k > perl-threads x86_64 > 1:2.21-2.el8 > @baseos 106 k > perl-threads-shared x86_64 > 1.58-2.el8 > @baseos 76 k > pixman x86_64 > 0.38.4-1.el8 > @appstream 681 k > pki-acme noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 2.8 M > pki-base noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 1.9 M > pki-base-java noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 767 k > pki-ca noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 3.3 M > pki-kra noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 617 k > pki-server noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 6.0 M > pki-servlet-4.0-api noarch > 1:9.0.30-3.module+el8.5.0+697+f586bb30 > @appstream 332 k > pki-servlet-engine noarch > 1:9.0.30-3.module+el8.5.0+697+f586bb30 > @appstream 6.4 M > pki-symkey x86_64 > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 106 k > pki-tools x86_64 > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 1.4 M > policycoreutils-python-utils noarch > 2.9-16.el8 > @baseos 138 k > psmisc x86_64 > 23.1-5.el8 > @baseos 483 k > publicsuffix-list noarch > 20180723-1.el8 > @baseos 224 k > python3-argcomplete noarch > 1.9.3-6.el8 > @appstream 194 k > python3-asn1crypto noarch > 0.24.0-3.el8 > @baseos 854 k > python3-audit x86_64 > 3.0-0.17.20191104git1c2f876.el8.1 > @baseos 326 k > python3-augeas noarch > 0.5.0-12.el8 > @appstream 87 k > python3-babel noarch > 2.5.1-7.el8 > @appstream 20 M > python3-cffi x86_64 > 1.11.5-5.el8 > @baseos 993 k > python3-chardet noarch > 3.0.4-7.el8 > @baseos 904 k > python3-cryptography x86_64 > 3.2.1-5.el8 > @baseos 2.7 M > python3-custodia noarch > 0.6.0-3.module+el8.4.0+429+6bd33fea > @appstream 344 k > python3-distro noarch > 1.4.0-2.module+el8.3.0+120+426d8baf > @appstream 150 k > python3-dns noarch > 1.15.0-10.el8 > @baseos 1.0 M > python3-gssapi x86_64 > 1.5.1-5.el8 > @appstream 1.9 M > python3-html5lib noarch > 1:0.999999999-6.el8 > @appstream 1.1 M > python3-idna noarch > 2.5-5.el8 > @baseos 509 k > python3-ipaclient noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 7.1 M > python3-ipalib noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 2.8 M > python3-ipaserver noarch > 4.9.6-10.module+el8.5.0+719+4f06efb6 > @appstream 7.2 M > python3-jinja2 noarch > 2.10.1-3.el8 > @appstream 2.5 M > python3-jwcrypto noarch > 0.5.0-1.module+el8.4.0+429+6bd33fea > @appstream 231 k > python3-kdcproxy noarch > 0.4-5.module+el8.3.0+244+0b2ae752 > @appstream 95 k > python3-ldap x86_64 > 3.3.1-2.el8 > @appstream 820 k > python3-ldb x86_64 > 2.3.0-2.el8 > @baseos 130 k > python3-lib389 noarch > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > @appstream 3.9 M > python3-libipa_hbac x86_64 > 2.5.2-2.el8_5.4 > @baseos 39 k > python3-libsemanage x86_64 > 2.9-6.el8 > @baseos 438 k > python3-libsss_nss_idmap x86_64 > 2.5.2-2.el8_5.4 > @baseos 19 k > python3-lxml x86_64 > 4.2.3-3.el8 > @appstream 4.8 M > python3-markupsafe x86_64 > 0.23-19.el8 > @appstream 76 k > python3-mod_wsgi x86_64 > 4.6.4-4.el8 > @appstream 9.5 M > python3-netaddr noarch > 0.7.19-8.el8 > @appstream 8.4 M > python3-netifaces x86_64 > 0.10.6-4.el8 > @appstream 39 k > python3-nss x86_64 > 1.0.1-10.module+el8.3.0+53+ea062990 > @appstream 939 k > python3-pip noarch > 9.0.3-20.el8.rocky.0 > @appstream 2.8 k > python3-pki noarch > 10.11.2-4.module+el8.5.0+731+6beda627 > @appstream 698 k > python3-policycoreutils noarch > 2.9-16.el8 > @baseos 5.4 M > python3-psutil x86_64 > 5.4.3-11.el8 > @appstream 1.9 M > python3-pyasn1 noarch > 0.3.7-6.el8 > @appstream 522 k > python3-pyasn1-modules noarch > 0.3.7-6.el8 > @appstream 603 k > python3-pycparser noarch > 2.14-14.el8 > @baseos 587 k > python3-pysocks noarch > 1.6.8-3.el8 > @baseos 75 k > python3-pytz noarch > 2017.2-9.el8 > @appstream 175 k > python3-pyusb noarch > 1.0.0-9.module+el8.4.0+429+6bd33fea > @appstream 373 k > python3-pyyaml x86_64 > 3.12-12.el8 > @baseos 634 k > python3-qrcode-core noarch > 5.1-12.module+el8.4.0+429+6bd33fea > @appstream 105 k > python3-requests noarch > 2.20.0-2.1.el8_1 > @baseos 369 k > python3-samba x86_64 > 4.14.5-10.el8_5 > @baseos 18 M > python3-setools x86_64 > 4.3.0-2.el8 > @baseos 2.6 M > python3-setuptools noarch > 39.2.0-6.el8 > @baseos 450 k > python3-sss x86_64 > 2.5.2-2.el8_5.4 > @baseos 58 k > python3-sss-murmur x86_64 > 2.5.2-2.el8_5.4 > @baseos 8.3 k > python3-sssdconfig noarch > 2.5.2-2.el8_5.4 > @baseos 245 k > python3-systemd x86_64 > 234-8.el8 > @appstream 263 k > python3-talloc x86_64 > 2.3.2-1.el8 > @baseos 29 k > python3-tdb x86_64 > 1.4.3-1.el8 > @baseos 38 k > python3-tevent x86_64 > 0.11.0-0.el8 > @baseos 29 k > python3-urllib3 noarch > 1.24.2-5.el8 > @baseos 606 k > python3-webencodings noarch > 0.5.1-6.el8 > @appstream 72 k > python3-yubico noarch > 1.3.2-9.module+el8.4.0+429+6bd33fea > @appstream 220 k > python36 x86_64 > 3.6.8-38.module+el8.5.0+671+195e4563 > @appstream 13 k > quota x86_64 > 1:4.04-14.el8 > @baseos 887 k > quota-nls noarch > 1:4.04-14.el8 > @baseos 277 k > relaxngDatatype noarch > 2011.1-7.module+el8.3.0+53+ea062990 > @appstream 30 k > resteasy noarch > 3.0.26-6.module+el8.5.0+697+f586bb30 > @appstream 1.2 M > rocky-logos-httpd noarch > 85.0-3.el8 > @baseos 22 k > rocky-logos-ipa noarch > 85.0-3.el8 > @appstream 630 k > rpcbind x86_64 > 1.2.5-8.el8 > @baseos 108 k > samba x86_64 > 4.14.5-10.el8_5 > @baseos 2.5 M > samba-common-tools x86_64 > 4.14.5-10.el8_5 > @baseos 1.2 M > samba-libs x86_64 > 4.14.5-10.el8_5 > @baseos 301 k > samba-winbind x86_64 > 4.14.5-10.el8_5 > @baseos 1.5 M > samba-winbind-modules x86_64 > 4.14.5-10.el8_5 > @baseos 87 k > slapi-nis x86_64 > 0.56.6-4.module+el8.5.0+675+61f67439 > @appstream 452 k > slf4j noarch > 1.7.25-4.module+el8.5.0+697+f586bb30 > @appstream 82 k > slf4j-jdk14 noarch > 1.7.25-4.module+el8.5.0+697+f586bb30 > @appstream 11 k > softhsm x86_64 > 2.6.0-5.module+el8.4.0+429+6bd33fea > @appstream 1.5 M > sscg x86_64 > 2.3.3-14.el8 > @appstream 98 k > sssd-common-pac x86_64 > 2.5.2-2.el8_5.4 > @baseos 251 k > sssd-dbus x86_64 > 2.5.2-2.el8_5.4 > @baseos 352 k > sssd-ipa x86_64 > 2.5.2-2.el8_5.4 > @baseos 708 k > sssd-krb5-common x86_64 > 2.5.2-2.el8_5.4 > @baseos 290 k > sssd-tools x86_64 > 2.5.2-2.el8_5.4 > @baseos 421 k > sssd-winbind-idmap x86_64 > 2.5.2-2.el8_5.4 > @baseos 16 k > stax-ex noarch > 1.7.7-8.module+el8.3.0+53+ea062990 > @appstream 80 k > tar x86_64 > 2:1.30-5.el8 > @baseos 2.7 M > tomcatjss noarch > 7.7.0-1.module+el8.5.0+701+8dc610e5 > @appstream 76 k > ttmkfdir x86_64 > 3.0.9-54.el8 > @appstream 124 k > tzdata-java noarch > 2022a-1.el8 > @appstream 362 k > words noarch > 3.0-28.el8 > @baseos 4.7 M > xalan-j2 noarch > 2.7.1-38.module+el8.3.0+53+ea062990 > @appstream 2.1 M > xerces-j2 noarch > 2.11.0-34.module+el8.3.0+53+ea062990 > @appstream 1.3 M > xml-commons-apis noarch > 1.4.01-25.module+el8.5.0+697+f586bb30 > @appstream 330 k > xml-commons-resolver noarch > 1.2-26.module+el8.3.0+53+ea062990 > @appstream 121 k > xmlrpc-c x86_64 > 1.51.0-5.el8 > @baseos 592 k > xmlrpc-c-client x86_64 > 1.51.0-5.el8 > @baseos 56 k > xmlstreambuffer noarch > 1.5.4-8.module+el8.3.0+53+ea062990 > @appstream 113 k > xorg-x11-font-utils x86_64 > 1:7.5-41.el8 > @appstream 362 k > xorg-x11-fonts-Type1 noarch > 7.5-19.el8 > @appstream 863 k > xsom noarch > 0-19.20110809svn.module+el8.3.0+53+ea062990 > @appstream 452 k > > Transaction Summary > ============================================================================================================================================================================================================ > Remove 301 Packages > > Freed space: 471 M > Is this ok [y/N]:
Having forced the removal with rpm -e krb5-pkinit --nodeps, I have the following output: [root@idmt01 ~]# KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy [1801] 1651587927.720656: Getting initial credentials for u...@adtest.fnr.gub.uy [1801] 1651587927.720657: Setting initial creds service to kadmin/changepw [1801] 1651587927.720659: Sending unauthenticated request [1801] 1651587927.720660: Sending request (179 bytes) to ADTEST.FNR.GUB.UY [1801] 1651587927.720661: Sending DNS URI query for _kerberos.ADTEST.FNR.GUB.UY. [1801] 1651587927.720662: No URI records found [1801] 1651587927.720663: Sending DNS SRV query for _kerberos._udp.ADTEST.FNR.GUB.UY. [1801] 1651587927.720664: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." [1801] 1651587927.720665: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." [1801] 1651587927.720666: Sending DNS SRV query for _kerberos._tcp.ADTEST.FNR.GUB.UY. [1801] 1651587927.720667: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." [1801] 1651587927.720668: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." [1801] 1651587927.720669: Resolving hostname smbtest.adtest.fnr.gub.uy. [1801] 1651587927.720670: Resolving hostname smbtest02.adtest.fnr.gub.uy. [1801] 1651587927.720671: Resolving hostname smbtest.adtest.fnr.gub.uy. [1801] 1651587927.720672: Initiating TCP connection to stream 10.2.100.3:88 [1801] 1651587927.720673: Sending TCP request to stream 10.2.100.3:88 [1801] 1651587927.720674: Received answer (314 bytes) from stream 10.2.100.3:88 [1801] 1651587927.720675: Terminating TCP connection to stream 10.2.100.3:88 [1801] 1651587927.720676: Sending DNS URI query for _kerberos.ADTEST.FNR.GUB.UY. [1801] 1651587927.720677: No URI records found [1801] 1651587927.720678: Sending DNS SRV query for _kerberos-master._tcp.ADTEST.FNR.GUB.UY. [1801] 1651587927.720679: No SRV records found [1801] 1651587927.720680: Response was not from master KDC [1801] 1651587927.720681: Received error from KDC: -1765328359/Additional pre-authentication required [1801] 1651587927.720684: Preauthenticating using KDC method data [1801] 1651587927.720685: Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-PKINIT-KX (147), PA-ENC-TIMESTAMP (2), PA-FX-FAST (136), 655, PA-ETYPE-INFO2 (19) [1801] 1651587927.720686: Selected etype info: etype aes256-cts, salt "ADTEST.FNR.GUB.UYusu1", params "\x00\x00\x10\x00" Password for u...@adtest.fnr.gub.uy: [1801] 1651587936.906047: AS key obtained for encrypted timestamp: aes256-cts/75AC [1801] 1651587936.906049: Encrypted timestamp (for 1651587936.921584): plain 301AA011180F32303232303530333134323533365AA10502030E0FF0, encrypted EB387E7F664143E3E03C1206A88BAD891E100BEC30FA51893222E41B95325D3DA1AF1E12FC4F1C7BC5856CA42A67FD0FF51CBB8DF46882C9 [1801] 1651587936.906050: Preauth module encrypted_timestamp (2) (real) returned: 0/Success [1801] 1651587936.906051: Produced preauth for next request: PA-ENC-TIMESTAMP (2) [1801] 1651587936.906052: Sending request (257 bytes) to ADTEST.FNR.GUB.UY [1801] 1651587936.906053: Sending DNS URI query for _kerberos.ADTEST.FNR.GUB.UY. [1801] 1651587936.906054: No URI records found [1801] 1651587936.906055: Sending DNS SRV query for _kerberos._udp.ADTEST.FNR.GUB.UY. [1801] 1651587936.906056: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." [1801] 1651587936.906057: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." [1801] 1651587936.906058: Sending DNS SRV query for _kerberos._tcp.ADTEST.FNR.GUB.UY. [1801] 1651587936.906059: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." [1801] 1651587936.906060: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." [1801] 1651587936.906061: Resolving hostname smbtest02.adtest.fnr.gub.uy. [1801] 1651587936.906062: Resolving hostname smbtest.adtest.fnr.gub.uy. [1801] 1651587936.906063: Resolving hostname smbtest02.adtest.fnr.gub.uy. [1801] 1651587936.906064: Initiating TCP connection to stream 10.2.100.4:88 [1801] 1651587936.906065: Sending TCP request to stream 10.2.100.4:88 [1801] 1651587936.906066: Received answer (1468 bytes) from stream 10.2.100.4:88 [1801] 1651587936.906067: Terminating TCP connection to stream 10.2.100.4:88 [1801] 1651587936.906068: Sending DNS URI query for _kerberos.ADTEST.FNR.GUB.UY. [1801] 1651587936.906069: No URI records found [1801] 1651587936.906070: Sending DNS SRV query for _kerberos-master._tcp.ADTEST.FNR.GUB.UY. [1801] 1651587936.906071: No SRV records found [1801] 1651587936.906072: Response was not from master KDC [1801] 1651587936.906073: Processing preauth types: PA-ETYPE-INFO2 (19) [1801] 1651587936.906074: Selected etype info: etype aes256-cts, salt "ADTEST.FNR.GUB.UYusu1", params "\x00\x00\x10\x00" [1801] 1651587936.906075: Produced preauth for next request: (empty) [1801] 1651587936.906076: AS key determined by preauth: aes256-cts/75AC [1801] 1651587936.906077: Decrypted AS reply; session key is: aes256-cts/4C33 [1801] 1651587936.906078: FAST negotiation: available [1801] 1651587936.906079: Retrying AS request with master KDC [1801] 1651587936.906080: Getting initial credentials for u...@adtest.fnr.gub.uy [1801] 1651587936.906081: Setting initial creds service to kadmin/changepw [1801] 1651587936.906083: Sending unauthenticated request [1801] 1651587936.906084: Sending request (179 bytes) to ADTEST.FNR.GUB.UY (master) [1801] 1651587936.906085: Sending DNS URI query for _kerberos.ADTEST.FNR.GUB.UY. [1801] 1651587936.906086: No URI records found [1801] 1651587936.906087: Sending DNS SRV query for _kerberos-master._udp.ADTEST.FNR.GUB.UY. [1801] 1651587936.906088: Sending DNS SRV query for _kerberos-master._tcp.ADTEST.FNR.GUB.UY. [1801] 1651587936.906089: No SRV records found kpasswd: KDC reply did not match expectations getting initial ticket I am sending the network trace at that moment too. Thanks!
tcpdump_capture_smb_dcs
Description: Binary data
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure