I don't get very far. Step one is non-existant, I never get the AS_REQ, even
going back several days in the log.
For step two, I get:
Mar 13 10:51:29 idm0.example.local krb5kdc[1704](info): TGS_REQ (6 etypes
{aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19),
aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
camellia256-cts-cmac(26), camellia128-cts-cmac(25)}) 192.168.37.50:
S4U2PROXY_MISSING_EXTENDED_KDC_SIGN_IN_EVIDENCE_TKT_PAC: authtime 1710323487,
etypes {rep=UNSUPPORTED:(0)} HTTP/[email protected] for
ldap/[email protected], KDC policy rejects request
Mar 13 10:51:29 idm0.example.local krb5kdc[1704](info): ...
CONSTRAINED-DELEGATION s4u-client=<unknown>
Mar 13 10:51:29 idm0.example.local krb5kdc[1704](info): closing down fd 4
(I know that naughtyhost.example.local is not mentioned in the entry, but it
happened as I attempted the request; I watched the log in realtime.)
And, obviously, we never get step three and four either.
Thanks for your continuous help, by the way!
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
