Hi all

how can i fix this issue.? even i tried to trust add AD again. that too
failed.

from where i need to troubleshoot ?

On Tue, Mar 17, 2015 at 3:02 PM, Ben .T.George <bentech4...@gmail.com>
wrote:

> Hi
>
> i did kinit
>
> [root@kwtpocpbis01 sssd]# kinit -kt /etc/dirsrv/ds.keytab
> kinit: Keytab contains no suitable keys for
> host/kwtpocpbis01.solaris.local@SOLARIS.LOCAL while getting initial
> credentials
>
>
> i destroyed and re-created. but still same
>
>
>
> On Tue, Mar 17, 2015 at 2:45 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
>
>> On Tue, Mar 17, 2015 at 02:38:41PM +0300, Ben .T.George wrote:
>> > here is separated logs:
>> >
>> > tail -f sssd_solaris.local.log
>>
>> Thank you, see inline:
>>
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_get_tgt_recv]
>> > (0x0400): Child responded: 14 [Decrypt integrity check failed], expired
>> on
>> > [0]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]] [sdap_kinit_done]
>> > (0x0100): Could not get TGT: 14 [Bad address]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [sdap_cli_kinit_done]
>> > (0x0400): Cannot get a TGT: ret [1432158219](Authentication Failed)
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [fo_set_port_status]
>> > (0x0100): Marking port 0 of server 'kwtpocpbis01.solaris.local' as 'not
>> > working'
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [fo_set_port_status]
>> > (0x0400): Marking port 0 of duplicate server
>> 'kwtpocpbis01.solaris.local'
>> > as 'not working'
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> [sdap_handle_release]
>> > (0x2000): Trace: sh[0x7f6b7d2c3140], connected[1], ops[(nil)],
>> > ldap[0x7f6b7d265a00], destructor_lock[0], release_memory[0]
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> > [remove_connection_callback] (0x4000): Successfully removed connection
>> > callback.
>> > (Tue Mar 17 14:35:45 2015) [sssd[be[solaris.local]]]
>> > [check_online_callback] (0x0100): Backend returned: (3, 0, <NULL>)
>> > [Internal Error (Success)]
>>
>> So it seems the keytab is wrong, you can also test the keytab validity
>> with "kinit -k"..
>>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to