On Tue, May 3, 2022 at 11:29 AM tizo <tiz...@gmail.com> wrote: > > On Tue, May 3, 2022 at 9:18 AM tizo <tiz...@gmail.com> wrote: > > > > On Tue, May 3, 2022 at 2:43 AM Sumit Bose <sb...@redhat.com> wrote: > > > > > > Am Mon, May 02, 2022 at 03:15:05PM -0300 schrieb tizo: > > > > On Mon, May 2, 2022 at 2:36 PM Sumit Bose <sb...@redhat.com> wrote: > > > > > > > > > > Am Mon, May 02, 2022 at 12:32:34PM -0300 schrieb tizo: > > > > > > On Mon, May 2, 2022 at 11:56 AM Sumit Bose <sb...@redhat.com> wrote: > > > > > > > > > > > > > > Am Mon, May 02, 2022 at 11:39:40AM -0300 schrieb tizo: > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > thanks, at least I received your email. Can you run the tests > > > > > > > > > with > > > > > > > > > "krb5_use_fast = never" and "krb5_use_enterprise_principal = > > > > > > > > > True" again > > > > > > > > > but with 'debug_level = 9' in the [domain/...] section of > > > > > > > > > sssd.conf. > > > > > > > > > This will add some additional information into krb5_child.log > > > > > > > > > which > > > > > > > > > might help to understand why the client does not like the > > > > > > > > > reply from the > > > > > > > > > DC. > > > > > > > > > > > > > > > > > > bye, > > > > > > > > > Sumit > > > > > > > > > > > > > > > > > > > > > > > > > I cleared all the logs and ran the tests again with those > > > > > > > > parameters. > > > > > > > > I am sending the logs. Thanks! > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > can you try if you can change the password with 'kapsswd > > > > > > > u...@adtest.fnr.gub.uy'? I guess it will fail as well. Can you > > > > > > > take a > > > > > > > network trace of this command with tcpdump and send it as well? > > > > > > > > > > > > > > bye, > > > > > > > Sumit > > > > > > > > > > > > > > > > > > > It fails, and with kinit too: > > > > > > > > > > > > [root@idmt01 tmp]# kinit u...@adtest.fnr.gub.uy > > > > > > Password for u...@adtest.fnr.gub.uy: > > > > > > kinit: KDC reply did not match expectations while getting initial > > > > > > credentials > > > > > > [root@idmt01 tmp]# kpasswd u...@adtest.fnr.gub.uy > > > > > > Password for u...@adtest.fnr.gub.uy: > > > > > > kpasswd: KDC reply did not match expectations getting initial ticket > > > > > > > > > > > > I am sending tcpdump captures while trying with kpasswd. There are > > > > > > two, as there are two Samba DC (smbtest.adtest.fnr.gub.uy and > > > > > > smbtest02.adtest.fnr.gub.uy), but I think that the first one replied > > > > > > in this case. > > > > > > > > > > Hi, > > > > > > > > > > can you send the output of > > > > > > > > > > KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy > > > > > > > > > > as well and your /etc/krb5.conf? > > > > > > Hi, > > > > > > thanks. Can you try to remove the krb5-pkinit package and run > > > > > > KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy > > > > > > again while collecting the network trace and the debug output? > > > > > > bye, > > > Sumit > > > > > > > If I try to remove it, it tries to remove 301 packages. A lot of them > > are unused dependencies, but some ipa packages are dependent packages > > (ipa-healthcheck, ipa-server, ipa-server-dns, ipa-server-trust-ad). > > Here is the whole situation: > > > > [root@idmt01 ~]# dnf remove krb5-pkinit > > Dependencies resolved. > > ============================================================================================================================================================================================================ > > Package Architecture > > Version > > Repository Size > > ============================================================================================================================================================================================================ > > Removing: > > krb5-pkinit x86_64 > > 1.18.2-14.el8 > > @baseos 131 k > > Removing dependent packages: > > ipa-healthcheck noarch > > 0.7-6.module+el8.5.0+675+61f67439 > > @appstream 290 k > > ipa-server x86_64 > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 1.1 M > > ipa-server-dns noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 91 k > > ipa-server-trust-ad x86_64 > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 340 k > > Removing unused dependencies: > > 389-ds-base x86_64 > > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > > @appstream 9.2 M > > 389-ds-base-libs x86_64 > > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > > @appstream 4.3 M > > ant noarch > > 1.10.5-1.module+el8.3.0+255+2b2dd360 > > @appstream 451 k > > ant-lib noarch > > 1.10.5-1.module+el8.3.0+255+2b2dd360 > > @appstream 2.2 M > > apache-commons-cli noarch > > 1.4-4.module+el8.3.0+133+b8b54b58 > > @appstream 91 k > > apache-commons-codec noarch > > 1.11-3.module+el8.3.0+133+b8b54b58 > > @appstream 361 k > > apache-commons-io noarch > > 1:2.6-3.module+el8.3.0+133+b8b54b58 > > @appstream 281 k > > apache-commons-lang3 noarch > > 3.7-3.module+el8.3.0+133+b8b54b58 > > @appstream 580 k > > apache-commons-logging noarch > > 1.2-13.module+el8.3.0+133+b8b54b58 > > @appstream 180 k > > apache-commons-net noarch > > 3.6-3.module+el8.3.0+53+ea062990 > > @appstream 340 k > > apr x86_64 > > 1.6.3-12.el8 > > @appstream 272 k > > apr-util x86_64 > > 1.6.1-6.el8.1 > > @appstream 217 k > > apr-util-bdb x86_64 > > 1.6.1-6.el8.1 > > @appstream 11 k > > apr-util-openssl x86_64 > > 1.6.1-6.el8.1 > > @appstream 20 k > > atk x86_64 > > 2.28.1-1.el8 > > @appstream 1.2 M > > augeas-libs x86_64 > > 1.12.0-6.el8 > > @baseos 1.3 M > > autofs x86_64 > > 1:5.1.4-74.el8 > > @baseos 2.8 M > > bash-completion noarch > > 1:2.7-5.el8 > > @baseos 895 k > > bea-stax-api noarch > > 1.2.0-16.module+el8.3.0+53+ea062990 > > @appstream 39 k > > bind x86_64 > > 32:9.11.26-6.el8 > > @appstream 4.5 M > > bind-dyndb-ldap x86_64 > > 11.6-2.module+el8.4.0+429+6bd33fea > > @appstream 313 k > > bind-pkcs11 x86_64 > > 32:9.11.26-6.el8 > > @appstream 839 k > > bind-pkcs11-libs x86_64 > > 32:9.11.26-6.el8 > > @appstream 2.9 M > > bind-pkcs11-utils x86_64 > > 32:9.11.26-6.el8 > > @appstream 648 k > > cairo x86_64 > > 1.15.12-3.el8 > > @appstream 1.7 M > > certmonger x86_64 > > 0.79.13-3.el8 > > @appstream 2.9 M > > checkpolicy x86_64 > > 2.9-1.el8 > > @baseos 1.3 M > > copy-jdk-configs noarch > > 4.0-2.el8 > > @appstream 19 k > > custodia noarch > > 0.6.0-3.module+el8.4.0+429+6bd33fea > > @appstream 55 k > > cyrus-sasl-gssapi x86_64 > > 2.1.27-6.el8_5 > > @baseos 41 k > > cyrus-sasl-md5 x86_64 > > 2.1.27-6.el8_5 > > @baseos 86 k > > cyrus-sasl-plain x86_64 > > 2.1.27-6.el8_5 > > @baseos 45 k > > fontawesome-fonts noarch > > 4.7.0-4.el8 > > @appstream 297 k > > fontconfig x86_64 > > 2.13.1-4.el8 > > @baseos 694 k > > fontpackages-filesystem noarch > > 1.44-22.el8 > > @baseos 0 > > fribidi x86_64 > > 1.0.4-8.el8 > > @appstream 312 k > > gdk-pixbuf2 x86_64 > > 2.36.12-5.el8 > > @baseos 2.5 M > > gdk-pixbuf2-modules x86_64 > > 2.36.12-5.el8 > > @appstream 269 k > > giflib x86_64 > > 5.1.4-3.el8 > > @appstream 100 k > > glassfish-fastinfoset noarch > > 1.2.13-9.module+el8.3.0+53+ea062990 > > @appstream 395 k > > glassfish-jaxb-api noarch > > 2.2.12-8.module+el8.3.0+53+ea062990 > > @appstream 115 k > > glassfish-jaxb-core noarch > > 2.2.11-11.module+el8.3.0+53+ea062990 > > @appstream 236 k > > glassfish-jaxb-runtime noarch > > 2.2.11-11.module+el8.3.0+53+ea062990 > > @appstream 1.1 M > > glassfish-jaxb-txw2 noarch > > 2.2.11-11.module+el8.3.0+53+ea062990 > > @appstream 153 k > > graphite2 x86_64 > > 1.3.10-10.el8 > > @appstream 247 k > > gssproxy x86_64 > > 0.8.0-19.el8 > > @baseos 262 k > > gtk-update-icon-cache x86_64 > > 3.22.30-8.el8 > > @appstream 59 k > > gtk2 x86_64 > > 2.24.32-5.el8 > > @appstream 13 M > > harfbuzz x86_64 > > 1.7.5-3.el8 > > @appstream 724 k > > hicolor-icon-theme noarch > > 0.17-2.el8 > > @appstream 72 k > > httpcomponents-client noarch > > 4.5.5-4.module+el8.3.0+133+b8b54b58 > > @appstream 915 k > > httpcomponents-core noarch > > 4.4.10-3.module+el8.3.0+133+b8b54b58 > > @appstream 1.1 M > > httpd x86_64 > > 2.4.37-43.module+el8.5.0+747+83fae388.3 > > @appstream 4.3 M > > httpd-filesystem noarch > > 2.4.37-43.module+el8.5.0+747+83fae388.3 > > @appstream 400 > > httpd-tools x86_64 > > 2.4.37-43.module+el8.5.0+747+83fae388.3 > > @appstream 194 k > > ipa-client x86_64 > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 260 k > > ipa-client-common noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 47 k > > ipa-common noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 3.9 M > > ipa-selinux noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 16 k > > ipa-server-common noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 2.3 M > > istack-commons-runtime noarch > > 2.21-9.el8 > > @appstream 63 k > > jackson-annotations noarch > > 2.10.0-1.module+el8.3.0+53+ea062990 > > @appstream 82 k > > jackson-core noarch > > 2.10.0-1.module+el8.3.0+53+ea062990 > > @appstream 376 k > > jackson-databind noarch > > 2.10.0-1.module+el8.3.0+53+ea062990 > > @appstream 1.5 M > > jackson-jaxrs-json-provider noarch > > 2.9.9-1.module+el8.3.0+53+ea062990 > > @appstream 20 k > > jackson-jaxrs-providers noarch > > 2.9.9-1.module+el8.3.0+53+ea062990 > > @appstream 47 k > > jackson-module-jaxb-annotations noarch > > 2.7.6-4.module+el8.3.0+53+ea062990 > > @appstream 47 k > > jasper-libs x86_64 > > 2.0.14-5.el8 > > @appstream 363 k > > java-1.8.0-openjdk x86_64 > > 1:1.8.0.322.b06-2.el8_5 > > @appstream 841 k > > java-1.8.0-openjdk-devel x86_64 > > 1:1.8.0.322.b06-2.el8_5 > > @appstream 41 M > > java-1.8.0-openjdk-headless x86_64 > > 1:1.8.0.322.b06-2.el8_5 > > @appstream 117 M > > javapackages-filesystem noarch > > 5.3.0-2.module+el8.3.0+125+5da1ae29 > > @appstream 1.9 k > > javapackages-tools noarch > > 5.3.0-2.module+el8.3.0+125+5da1ae29 > > @appstream 63 k > > jbigkit-libs x86_64 > > 2.1-14.el8 > > @appstream 107 k > > jboss-annotations-1.2-api noarch > > 1.0.0-4.el8 > > @appstream 64 k > > jboss-jaxrs-2.0-api noarch > > 1.0.0-6.el8 > > @appstream 135 k > > jboss-logging noarch > > 3.3.0-5.el8 > > @appstream 78 k > > jboss-logging-tools noarch > > 2.0.1-6.el8 > > @appstream 197 k > > jdeparser noarch > > 2.0.0-5.el8 > > @appstream 242 k > > jss x86_64 > > 4.9.1-1.module+el8.5.0+701+8dc610e5 > > @appstream 1.5 M > > keyutils x86_64 > > 1.5.10-9.el8 > > @baseos 118 k > > krb5-server x86_64 > > 1.18.2-14.el8 > > @baseos 1.4 M > > krb5-workstation x86_64 > > 1.18.2-14.el8 > > @baseos 3.3 M > > ldapjdk noarch > > 4.23.0-1.module+el8.5.0+701+8dc610e5 > > @appstream 350 k > > ldns x86_64 > > 1.7.0-21.el8 > > @appstream 418 k > > libX11 x86_64 > > 1.6.8-5.el8 > > @appstream 1.3 M > > libX11-common noarch > > 1.6.8-5.el8 > > @appstream 1.3 M > > libXau x86_64 > > 1.0.9-3.el8 > > @appstream 60 k > > libXcomposite x86_64 > > 0.4.4-14.el8 > > @appstream 35 k > > libXcursor x86_64 > > 1.1.15-3.el8 > > @appstream 46 k > > libXdamage x86_64 > > 1.1.4-14.el8 > > @appstream 29 k > > libXext x86_64 > > 1.3.4-1.el8 > > @appstream 90 k > > libXfixes x86_64 > > 5.0.3-7.el8 > > @appstream 27 k > > libXft x86_64 > > 2.3.3-1.el8 > > @appstream 129 k > > libXi x86_64 > > 1.7.10-1.el8 > > @appstream 73 k > > libXinerama x86_64 > > 1.1.4-1.el8 > > @appstream 15 k > > libXrandr x86_64 > > 1.5.2-1.el8 > > @appstream 48 k > > libXrender x86_64 > > 0.9.10-7.el8 > > @appstream 47 k > > libXtst x86_64 > > 1.2.3-7.el8 > > @appstream 34 k > > libdatrie x86_64 > > 0.2.9-7.el8 > > @appstream 59 k > > libfontenc x86_64 > > 1.1.3-8.el8 > > @appstream 55 k > > libipa_hbac x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 58 k > > libkadm5 x86_64 > > 1.18.2-14.el8 > > @baseos 219 k > > libsss_simpleifp x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 32 k > > libthai x86_64 > > 0.1.27-2.el8 > > @appstream 751 k > > libtiff x86_64 > > 4.0.9-20.el8 > > @appstream 506 k > > libverto-libevent x86_64 > > 0.3.0-5.el8 > > @baseos 12 k > > libxcb x86_64 > > 1.13.1-1.el8 > > @appstream 1.0 M > > libxslt x86_64 > > 1.1.32-6.el8 > > @baseos 734 k > > lksctp-tools x86_64 > > 1.0.18-3.el8 > > @baseos 246 k > > lua x86_64 > > 5.3.4-12.el8 > > @appstream 553 k > > mailcap noarch > > 2.1.48-3.el8 > > @baseos 71 k > > mod_auth_gssapi x86_64 > > 1.6.1-7.1.el8 > > @appstream 177 k > > mod_http2 x86_64 > > 1.15.7-3.module+el8.5.0+695+1fa8055e > > @appstream 394 k > > mod_lookup_identity x86_64 > > 1.0.0-4.el8 > > @appstream 50 k > > mod_session x86_64 > > 2.4.37-43.module+el8.5.0+747+83fae388.3 > > @appstream 112 k > > mod_ssl x86_64 > > 1:2.4.37-43.module+el8.5.0+747+83fae388.3 > > @appstream 266 k > > nfs-utils x86_64 > > 1:2.3.3-46.el8 > > @baseos 1.5 M > > nspr x86_64 > > 4.32.0-1.el8_4 > > @appstream 310 k > > nss x86_64 > > 3.67.0-7.el8_5 > > @appstream 2.0 M > > nss-softokn x86_64 > > 3.67.0-7.el8_5 > > @appstream 1.9 M > > nss-softokn-freebl x86_64 > > 3.67.0-7.el8_5 > > @appstream 792 k > > nss-sysinit x86_64 > > 3.67.0-7.el8_5 > > @appstream 14 k > > nss-tools x86_64 > > 3.67.0-7.el8_5 > > @appstream 2.3 M > > nss-util x86_64 > > 3.67.0-7.el8_5 > > @appstream 220 k > > oddjob x86_64 > > 0.34.7-1.el8 > > @appstream 162 k > > oddjob-mkhomedir x86_64 > > 0.34.7-1.el8 > > @appstream 71 k > > open-sans-fonts noarch > > 1.10-6.el8 > > @appstream 2.1 M > > opencryptoki x86_64 > > 3.16.0-7.el8_5 > > @baseos 382 k > > opencryptoki-icsftok x86_64 > > 3.16.0-7.el8_5 > > @baseos 809 k > > opencryptoki-libs x86_64 > > 3.16.0-7.el8_5 > > @baseos 123 k > > opendnssec x86_64 > > 2.1.7-1.module+el8.4.0+429+6bd33fea > > @appstream 1.7 M > > openldap-clients x86_64 > > 2.4.46-18.el8 > > @baseos 612 k > > openssl-perl x86_64 > > 1:1.1.1k-6.el8_5 > > @baseos 28 k > > pango x86_64 > > 1.42.4-8.el8 > > @appstream 771 k > > perl-Algorithm-Diff noarch > > 1.1903-9.el8 > > @baseos 108 k > > perl-Archive-Tar noarch > > 2.30-1.el8 > > @baseos 151 k > > perl-Carp noarch > > 1.42-396.el8 > > @baseos 41 k > > perl-Compress-Raw-Bzip2 x86_64 > > 2.081-1.el8 > > @baseos 57 k > > perl-Compress-Raw-Zlib x86_64 > > 2.081-1.el8 > > @baseos 143 k > > perl-DB_File x86_64 > > 1.842-1.el8 > > @appstream 181 k > > perl-Data-Dumper x86_64 > > 2.167-399.el8 > > @baseos 104 k > > perl-Digest noarch > > 1.17-395.el8 > > @appstream 26 k > > perl-Digest-MD5 x86_64 > > 2.55-396.el8 > > @appstream 55 k > > perl-Encode x86_64 > > 4:2.97-3.el8 > > @baseos 9.7 M > > perl-Errno x86_64 > > 1.28-420.el8 > > @baseos 9.3 k > > perl-Exporter noarch > > 5.72-396.el8 > > @baseos 54 k > > perl-File-Path noarch > > 2.15-2.el8 > > @baseos 63 k > > perl-File-Temp noarch > > 0.230.600-1.el8 > > @baseos 161 k > > perl-Getopt-Long noarch > > 1:2.50-4.el8 > > @baseos 136 k > > perl-HTTP-Tiny noarch > > 0.074-1.el8 > > @baseos 146 k > > perl-IO x86_64 > > 1.38-420.el8 > > @baseos 136 k > > perl-IO-Compress noarch > > 2.081-1.el8 > > @baseos 792 k > > perl-IO-Socket-IP noarch > > 0.39-5.el8 > > @appstream 97 k > > perl-IO-Socket-SSL noarch > > 2.066-4.module+el8.4.0+512+d4f0fc54 > > @appstream 604 k > > perl-IO-Zlib noarch > > 1:1.10-420.el8 > > @baseos 19 k > > perl-MIME-Base64 x86_64 > > 3.15-396.el8 > > @baseos 40 k > > perl-Mozilla-CA noarch > > 20160104-7.module+el8.4.0+529+e3b3e624 > > @appstream 5.6 k > > perl-Net-SSLeay x86_64 > > 1.88-1.module+el8.4.0+512+d4f0fc54 > > @appstream 1.3 M > > perl-PathTools x86_64 > > 3.74-1.el8 > > @baseos 178 k > > perl-Pod-Escapes noarch > > 1:1.07-395.el8 > > @baseos 25 k > > perl-Pod-Perldoc noarch > > 3.28-396.el8 > > @baseos 165 k > > perl-Pod-Simple noarch > > 1:3.35-395.el8 > > @baseos 531 k > > perl-Pod-Usage noarch > > 4:1.69-395.el8 > > @baseos 49 k > > perl-Scalar-List-Utils x86_64 > > 3:1.49-2.el8 > > @baseos 121 k > > perl-Socket x86_64 > > 4:2.027-3.el8 > > @baseos 121 k > > perl-Storable x86_64 > > 1:3.11-3.el8 > > @baseos 216 k > > perl-Term-ANSIColor noarch > > 4.06-396.el8 > > @baseos 88 k > > perl-Term-Cap noarch > > 1.17-395.el8 > > @baseos 29 k > > perl-Text-Diff noarch > > 1.45-2.el8 > > @baseos 84 k > > perl-Text-ParseWords noarch > > 3.30-395.el8 > > @baseos 13 k > > perl-Text-Tabs+Wrap noarch > > 2013.0523-395.el8 > > @baseos 24 k > > perl-Time-Local noarch > > 1:1.280-1.el8 > > @baseos 59 k > > perl-URI noarch > > 1.73-3.el8 > > @appstream 211 k > > perl-Unicode-Normalize x86_64 > > 1.25-396.el8 > > @baseos 622 k > > perl-constant noarch > > 1.33-396.el8 > > @baseos 26 k > > perl-interpreter x86_64 > > 4:5.26.3-420.el8 > > @baseos 14 M > > perl-libnet noarch > > 3.11-3.el8 > > @appstream 271 k > > perl-libs x86_64 > > 4:5.26.3-420.el8 > > @baseos 5.8 M > > perl-macros x86_64 > > 4:5.26.3-420.el8 > > @baseos 5.1 k > > perl-parent noarch > > 1:0.237-1.el8 > > @baseos 9.0 k > > perl-podlators noarch > > 4.11-1.el8 > > @baseos 281 k > > perl-threads x86_64 > > 1:2.21-2.el8 > > @baseos 106 k > > perl-threads-shared x86_64 > > 1.58-2.el8 > > @baseos 76 k > > pixman x86_64 > > 0.38.4-1.el8 > > @appstream 681 k > > pki-acme noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 2.8 M > > pki-base noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 1.9 M > > pki-base-java noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 767 k > > pki-ca noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 3.3 M > > pki-kra noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 617 k > > pki-server noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 6.0 M > > pki-servlet-4.0-api noarch > > 1:9.0.30-3.module+el8.5.0+697+f586bb30 > > @appstream 332 k > > pki-servlet-engine noarch > > 1:9.0.30-3.module+el8.5.0+697+f586bb30 > > @appstream 6.4 M > > pki-symkey x86_64 > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 106 k > > pki-tools x86_64 > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 1.4 M > > policycoreutils-python-utils noarch > > 2.9-16.el8 > > @baseos 138 k > > psmisc x86_64 > > 23.1-5.el8 > > @baseos 483 k > > publicsuffix-list noarch > > 20180723-1.el8 > > @baseos 224 k > > python3-argcomplete noarch > > 1.9.3-6.el8 > > @appstream 194 k > > python3-asn1crypto noarch > > 0.24.0-3.el8 > > @baseos 854 k > > python3-audit x86_64 > > 3.0-0.17.20191104git1c2f876.el8.1 > > @baseos 326 k > > python3-augeas noarch > > 0.5.0-12.el8 > > @appstream 87 k > > python3-babel noarch > > 2.5.1-7.el8 > > @appstream 20 M > > python3-cffi x86_64 > > 1.11.5-5.el8 > > @baseos 993 k > > python3-chardet noarch > > 3.0.4-7.el8 > > @baseos 904 k > > python3-cryptography x86_64 > > 3.2.1-5.el8 > > @baseos 2.7 M > > python3-custodia noarch > > 0.6.0-3.module+el8.4.0+429+6bd33fea > > @appstream 344 k > > python3-distro noarch > > 1.4.0-2.module+el8.3.0+120+426d8baf > > @appstream 150 k > > python3-dns noarch > > 1.15.0-10.el8 > > @baseos 1.0 M > > python3-gssapi x86_64 > > 1.5.1-5.el8 > > @appstream 1.9 M > > python3-html5lib noarch > > 1:0.999999999-6.el8 > > @appstream 1.1 M > > python3-idna noarch > > 2.5-5.el8 > > @baseos 509 k > > python3-ipaclient noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 7.1 M > > python3-ipalib noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 2.8 M > > python3-ipaserver noarch > > 4.9.6-10.module+el8.5.0+719+4f06efb6 > > @appstream 7.2 M > > python3-jinja2 noarch > > 2.10.1-3.el8 > > @appstream 2.5 M > > python3-jwcrypto noarch > > 0.5.0-1.module+el8.4.0+429+6bd33fea > > @appstream 231 k > > python3-kdcproxy noarch > > 0.4-5.module+el8.3.0+244+0b2ae752 > > @appstream 95 k > > python3-ldap x86_64 > > 3.3.1-2.el8 > > @appstream 820 k > > python3-ldb x86_64 > > 2.3.0-2.el8 > > @baseos 130 k > > python3-lib389 noarch > > 1.4.3.23-14.module+el8.5.0+745+c5be6847 > > @appstream 3.9 M > > python3-libipa_hbac x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 39 k > > python3-libsemanage x86_64 > > 2.9-6.el8 > > @baseos 438 k > > python3-libsss_nss_idmap x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 19 k > > python3-lxml x86_64 > > 4.2.3-3.el8 > > @appstream 4.8 M > > python3-markupsafe x86_64 > > 0.23-19.el8 > > @appstream 76 k > > python3-mod_wsgi x86_64 > > 4.6.4-4.el8 > > @appstream 9.5 M > > python3-netaddr noarch > > 0.7.19-8.el8 > > @appstream 8.4 M > > python3-netifaces x86_64 > > 0.10.6-4.el8 > > @appstream 39 k > > python3-nss x86_64 > > 1.0.1-10.module+el8.3.0+53+ea062990 > > @appstream 939 k > > python3-pip noarch > > 9.0.3-20.el8.rocky.0 > > @appstream 2.8 k > > python3-pki noarch > > 10.11.2-4.module+el8.5.0+731+6beda627 > > @appstream 698 k > > python3-policycoreutils noarch > > 2.9-16.el8 > > @baseos 5.4 M > > python3-psutil x86_64 > > 5.4.3-11.el8 > > @appstream 1.9 M > > python3-pyasn1 noarch > > 0.3.7-6.el8 > > @appstream 522 k > > python3-pyasn1-modules noarch > > 0.3.7-6.el8 > > @appstream 603 k > > python3-pycparser noarch > > 2.14-14.el8 > > @baseos 587 k > > python3-pysocks noarch > > 1.6.8-3.el8 > > @baseos 75 k > > python3-pytz noarch > > 2017.2-9.el8 > > @appstream 175 k > > python3-pyusb noarch > > 1.0.0-9.module+el8.4.0+429+6bd33fea > > @appstream 373 k > > python3-pyyaml x86_64 > > 3.12-12.el8 > > @baseos 634 k > > python3-qrcode-core noarch > > 5.1-12.module+el8.4.0+429+6bd33fea > > @appstream 105 k > > python3-requests noarch > > 2.20.0-2.1.el8_1 > > @baseos 369 k > > python3-samba x86_64 > > 4.14.5-10.el8_5 > > @baseos 18 M > > python3-setools x86_64 > > 4.3.0-2.el8 > > @baseos 2.6 M > > python3-setuptools noarch > > 39.2.0-6.el8 > > @baseos 450 k > > python3-sss x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 58 k > > python3-sss-murmur x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 8.3 k > > python3-sssdconfig noarch > > 2.5.2-2.el8_5.4 > > @baseos 245 k > > python3-systemd x86_64 > > 234-8.el8 > > @appstream 263 k > > python3-talloc x86_64 > > 2.3.2-1.el8 > > @baseos 29 k > > python3-tdb x86_64 > > 1.4.3-1.el8 > > @baseos 38 k > > python3-tevent x86_64 > > 0.11.0-0.el8 > > @baseos 29 k > > python3-urllib3 noarch > > 1.24.2-5.el8 > > @baseos 606 k > > python3-webencodings noarch > > 0.5.1-6.el8 > > @appstream 72 k > > python3-yubico noarch > > 1.3.2-9.module+el8.4.0+429+6bd33fea > > @appstream 220 k > > python36 x86_64 > > 3.6.8-38.module+el8.5.0+671+195e4563 > > @appstream 13 k > > quota x86_64 > > 1:4.04-14.el8 > > @baseos 887 k > > quota-nls noarch > > 1:4.04-14.el8 > > @baseos 277 k > > relaxngDatatype noarch > > 2011.1-7.module+el8.3.0+53+ea062990 > > @appstream 30 k > > resteasy noarch > > 3.0.26-6.module+el8.5.0+697+f586bb30 > > @appstream 1.2 M > > rocky-logos-httpd noarch > > 85.0-3.el8 > > @baseos 22 k > > rocky-logos-ipa noarch > > 85.0-3.el8 > > @appstream 630 k > > rpcbind x86_64 > > 1.2.5-8.el8 > > @baseos 108 k > > samba x86_64 > > 4.14.5-10.el8_5 > > @baseos 2.5 M > > samba-common-tools x86_64 > > 4.14.5-10.el8_5 > > @baseos 1.2 M > > samba-libs x86_64 > > 4.14.5-10.el8_5 > > @baseos 301 k > > samba-winbind x86_64 > > 4.14.5-10.el8_5 > > @baseos 1.5 M > > samba-winbind-modules x86_64 > > 4.14.5-10.el8_5 > > @baseos 87 k > > slapi-nis x86_64 > > 0.56.6-4.module+el8.5.0+675+61f67439 > > @appstream 452 k > > slf4j noarch > > 1.7.25-4.module+el8.5.0+697+f586bb30 > > @appstream 82 k > > slf4j-jdk14 noarch > > 1.7.25-4.module+el8.5.0+697+f586bb30 > > @appstream 11 k > > softhsm x86_64 > > 2.6.0-5.module+el8.4.0+429+6bd33fea > > @appstream 1.5 M > > sscg x86_64 > > 2.3.3-14.el8 > > @appstream 98 k > > sssd-common-pac x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 251 k > > sssd-dbus x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 352 k > > sssd-ipa x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 708 k > > sssd-krb5-common x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 290 k > > sssd-tools x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 421 k > > sssd-winbind-idmap x86_64 > > 2.5.2-2.el8_5.4 > > @baseos 16 k > > stax-ex noarch > > 1.7.7-8.module+el8.3.0+53+ea062990 > > @appstream 80 k > > tar x86_64 > > 2:1.30-5.el8 > > @baseos 2.7 M > > tomcatjss noarch > > 7.7.0-1.module+el8.5.0+701+8dc610e5 > > @appstream 76 k > > ttmkfdir x86_64 > > 3.0.9-54.el8 > > @appstream 124 k > > tzdata-java noarch > > 2022a-1.el8 > > @appstream 362 k > > words noarch > > 3.0-28.el8 > > @baseos 4.7 M > > xalan-j2 noarch > > 2.7.1-38.module+el8.3.0+53+ea062990 > > @appstream 2.1 M > > xerces-j2 noarch > > 2.11.0-34.module+el8.3.0+53+ea062990 > > @appstream 1.3 M > > xml-commons-apis noarch > > 1.4.01-25.module+el8.5.0+697+f586bb30 > > @appstream 330 k > > xml-commons-resolver noarch > > 1.2-26.module+el8.3.0+53+ea062990 > > @appstream 121 k > > xmlrpc-c x86_64 > > 1.51.0-5.el8 > > @baseos 592 k > > xmlrpc-c-client x86_64 > > 1.51.0-5.el8 > > @baseos 56 k > > xmlstreambuffer noarch > > 1.5.4-8.module+el8.3.0+53+ea062990 > > @appstream 113 k > > xorg-x11-font-utils x86_64 > > 1:7.5-41.el8 > > @appstream 362 k > > xorg-x11-fonts-Type1 noarch > > 7.5-19.el8 > > @appstream 863 k > > xsom noarch > > 0-19.20110809svn.module+el8.3.0+53+ea062990 > > @appstream 452 k > > > > Transaction Summary > > ============================================================================================================================================================================================================ > > Remove 301 Packages > > > > Freed space: 471 M > > Is this ok [y/N]: > > Having forced the removal with rpm -e krb5-pkinit --nodeps, I have the > following output: > > [root@idmt01 ~]# KRB5_TRACE=/dev/stdout kpasswd u...@adtest.fnr.gub.uy > [1801] 1651587927.720656: Getting initial credentials for > u...@adtest.fnr.gub.uy > [1801] 1651587927.720657: Setting initial creds service to kadmin/changepw > [1801] 1651587927.720659: Sending unauthenticated request > [1801] 1651587927.720660: Sending request (179 bytes) to ADTEST.FNR.GUB.UY > [1801] 1651587927.720661: Sending DNS URI query for > _kerberos.ADTEST.FNR.GUB.UY. > [1801] 1651587927.720662: No URI records found > [1801] 1651587927.720663: Sending DNS SRV query for > _kerberos._udp.ADTEST.FNR.GUB.UY. > [1801] 1651587927.720664: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." > [1801] 1651587927.720665: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." > [1801] 1651587927.720666: Sending DNS SRV query for > _kerberos._tcp.ADTEST.FNR.GUB.UY. > [1801] 1651587927.720667: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." > [1801] 1651587927.720668: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." > [1801] 1651587927.720669: Resolving hostname smbtest.adtest.fnr.gub.uy. > [1801] 1651587927.720670: Resolving hostname smbtest02.adtest.fnr.gub.uy. > [1801] 1651587927.720671: Resolving hostname smbtest.adtest.fnr.gub.uy. > [1801] 1651587927.720672: Initiating TCP connection to stream 10.2.100.3:88 > [1801] 1651587927.720673: Sending TCP request to stream 10.2.100.3:88 > [1801] 1651587927.720674: Received answer (314 bytes) from stream > 10.2.100.3:88 > [1801] 1651587927.720675: Terminating TCP connection to stream 10.2.100.3:88 > [1801] 1651587927.720676: Sending DNS URI query for > _kerberos.ADTEST.FNR.GUB.UY. > [1801] 1651587927.720677: No URI records found > [1801] 1651587927.720678: Sending DNS SRV query for > _kerberos-master._tcp.ADTEST.FNR.GUB.UY. > [1801] 1651587927.720679: No SRV records found > [1801] 1651587927.720680: Response was not from master KDC > [1801] 1651587927.720681: Received error from KDC: > -1765328359/Additional pre-authentication required > [1801] 1651587927.720684: Preauthenticating using KDC method data > [1801] 1651587927.720685: Processing preauth types: PA-PK-AS-REQ (16), > PA-PK-AS-REP_OLD (15), PA-PKINIT-KX (147), PA-ENC-TIMESTAMP (2), > PA-FX-FAST (136), 655, PA-ETYPE-INFO2 (19) > [1801] 1651587927.720686: Selected etype info: etype aes256-cts, salt > "ADTEST.FNR.GUB.UYusu1", params "\x00\x00\x10\x00" > Password for u...@adtest.fnr.gub.uy: > [1801] 1651587936.906047: AS key obtained for encrypted timestamp: > aes256-cts/75AC > [1801] 1651587936.906049: Encrypted timestamp (for 1651587936.921584): > plain 301AA011180F32303232303530333134323533365AA10502030E0FF0, > encrypted > EB387E7F664143E3E03C1206A88BAD891E100BEC30FA51893222E41B95325D3DA1AF1E12FC4F1C7BC5856CA42A67FD0FF51CBB8DF46882C9 > [1801] 1651587936.906050: Preauth module encrypted_timestamp (2) > (real) returned: 0/Success > [1801] 1651587936.906051: Produced preauth for next request: > PA-ENC-TIMESTAMP (2) > [1801] 1651587936.906052: Sending request (257 bytes) to ADTEST.FNR.GUB.UY > [1801] 1651587936.906053: Sending DNS URI query for > _kerberos.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906054: No URI records found > [1801] 1651587936.906055: Sending DNS SRV query for > _kerberos._udp.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906056: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." > [1801] 1651587936.906057: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." > [1801] 1651587936.906058: Sending DNS SRV query for > _kerberos._tcp.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906059: SRV answer: 0 100 88 "smbtest02.adtest.fnr.gub.uy." > [1801] 1651587936.906060: SRV answer: 0 100 88 "smbtest.adtest.fnr.gub.uy." > [1801] 1651587936.906061: Resolving hostname smbtest02.adtest.fnr.gub.uy. > [1801] 1651587936.906062: Resolving hostname smbtest.adtest.fnr.gub.uy. > [1801] 1651587936.906063: Resolving hostname smbtest02.adtest.fnr.gub.uy. > [1801] 1651587936.906064: Initiating TCP connection to stream 10.2.100.4:88 > [1801] 1651587936.906065: Sending TCP request to stream 10.2.100.4:88 > [1801] 1651587936.906066: Received answer (1468 bytes) from stream > 10.2.100.4:88 > [1801] 1651587936.906067: Terminating TCP connection to stream 10.2.100.4:88 > [1801] 1651587936.906068: Sending DNS URI query for > _kerberos.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906069: No URI records found > [1801] 1651587936.906070: Sending DNS SRV query for > _kerberos-master._tcp.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906071: No SRV records found > [1801] 1651587936.906072: Response was not from master KDC > [1801] 1651587936.906073: Processing preauth types: PA-ETYPE-INFO2 (19) > [1801] 1651587936.906074: Selected etype info: etype aes256-cts, salt > "ADTEST.FNR.GUB.UYusu1", params "\x00\x00\x10\x00" > [1801] 1651587936.906075: Produced preauth for next request: (empty) > [1801] 1651587936.906076: AS key determined by preauth: aes256-cts/75AC > [1801] 1651587936.906077: Decrypted AS reply; session key is: aes256-cts/4C33 > [1801] 1651587936.906078: FAST negotiation: available > [1801] 1651587936.906079: Retrying AS request with master KDC > [1801] 1651587936.906080: Getting initial credentials for > u...@adtest.fnr.gub.uy > [1801] 1651587936.906081: Setting initial creds service to kadmin/changepw > [1801] 1651587936.906083: Sending unauthenticated request > [1801] 1651587936.906084: Sending request (179 bytes) to > ADTEST.FNR.GUB.UY (master) > [1801] 1651587936.906085: Sending DNS URI query for > _kerberos.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906086: No URI records found > [1801] 1651587936.906087: Sending DNS SRV query for > _kerberos-master._udp.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906088: Sending DNS SRV query for > _kerberos-master._tcp.ADTEST.FNR.GUB.UY. > [1801] 1651587936.906089: No SRV records found > kpasswd: KDC reply did not match expectations getting initial ticket > > I am sending the network trace at that moment too. Thanks!
Any news about this?. Thanks very much. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure