Hi Lukas,

such a realm does not exists, but it is my user principal name in AD, due to 
legacy compatibility with Exchange.

Best regards,
Fabian

-----Urspr√ľngliche Nachricht-----
Von: Lukas Slebodnik [mailto:lsleb...@redhat.com] 
Gesendet: Montag, 18. Januar 2016 18:03
An: Zoske, Fabian
Cc: freeipa-users@redhat.com
Betreff: Re: [Freeipa-users] Cross Domain Trust

On (12/01/16 11:11), Lukas Slebodnik wrote:
>On (12/01/16 08:25), Zoske, Fabian wrote:
>>We recently upgraded our IPA-Server from CentOS 7.1 to CentOS 7.2. So far no 
>>differences.
>>
>Then please provide sssd logfiles (1.13.3) from client and also log 
>files from sssd on freeipa server (sssd on freeipa server is used 
>indirectly by extop plugin in 389-ds)
>
>Please provide log files from the same time when you reproduced an issue.
>
Thank you very much for log files.

Authentication on client failed Due to following error:
(Thu Jan 14 12:58:36 2016) [[sssd[krb5_child[992]]]] [sss_child_krb5_trace_cb] 
(0x4000): [992] 1452772716.736098: Sending request (173 bytes) to 
EUROIMMUN.TEST (master)

(Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [get_and_save_tgt] 
(0x0020): 1232: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu 
Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [map_krb5_error] (0x0020): 
1301: [-1765328230][Cannot find KDC for realm "EUROIMMUN.TEST"] (Thu Jan 14 
12:58:37 2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x0200): Received 
error code 1432158209 (Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] 
[pack_response_packet] (0x2000): response packet size: [4] (Thu Jan 14 12:58:37 
2016) [[sssd[krb5_child[992]]]] [k5c_send_data] (0x4000): Response sent.
(Thu Jan 14 12:58:37 2016) [[sssd[krb5_child[992]]]] [main] (0x0400): 
krb5_child completed successfully


Do you have defineded the realm "EUROIMMUN.TEST" in your krb5.conf?

It is possible that sssd wrote snippet to the directory 
/var/lib/sss/pubconf/krb5.include.d/
but this directory is not included in krb5.conf.

$ grep includedir /etc/krb5.conf
includedir /var/lib/sss/pubconf/krb5.include.d/

BTW you can test the same operation as sssd did from command line.

KRB5_TRACE=/dev/stderr kinit f.zo...@euroimmun.test

or is this principal name an enterprise name?

LS

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to