It looks like I have a replication issue.  What process manages replication?

root@nuc0:/var/log/sssd# KRB5_TRACE=/dev/stderr kinit jon
[6175] 1456260239.45010: Resolving unique ccache of type KEYRING
[6175] 1456260239.45131: Getting initial credentials for j...@mrjester.net
[6175] 1456260239.45497: Sending request (157 bytes) to MRJESTER.NET
[6175] 1456260239.47271: Resolving hostname dir1.mrjester.net.
[6175] 1456260239.48927: Sending initial UDP request to dgram 10.8.10.41:88
[6175] 1456260239.330215: Received answer (162 bytes) from dgram 10.8.10.41:88
[6175] 1456260239.330749: Response was from master KDC
[6175] 1456260239.330781: Received error from KDC: -1765328378/Client
not found in Kerberos database
kinit: Client 'j...@mrjester.net' not found in Kerberos database while
getting initial credentials
root@nuc0:/var/log/sssd# KRB5_TRACE=/dev/stderr kinit jon
[6176] 1456260254.528974: Resolving unique ccache of type KEYRING
[6176] 1456260254.529030: Getting initial credentials for j...@mrjester.net
[6176] 1456260254.529189: Sending request (157 bytes) to MRJESTER.NET
[6176] 1456260254.530384: Resolving hostname dir1.mrjester.net.
[6176] 1456260254.531265: Sending initial UDP request to dgram 10.8.10.41:88
[6176] 1456260254.533058: Received answer (162 bytes) from dgram 10.8.10.41:88
[6176] 1456260254.533548: Response was from master KDC
[6176] 1456260254.533598: Received error from KDC: -1765328378/Client
not found in Kerberos database
kinit: Client 'j...@mrjester.net' not found in Kerberos database while
getting initial credentials
root@nuc0:/var/log/sssd# KRB5_TRACE=/dev/stderr kinit jon
[6177] 1456260255.920994: Resolving unique ccache of type KEYRING
[6177] 1456260255.921053: Getting initial credentials for j...@mrjester.net
[6177] 1456260255.921216: Sending request (157 bytes) to MRJESTER.NET
[6177] 1456260255.922335: Resolving hostname dir0.mrjester.net.
[6177] 1456260255.923163: Sending initial UDP request to dgram 10.8.10.40:88
[6177] 1456260255.924918: Received answer (164 bytes) from dgram 10.8.10.40:88
[6177] 1456260255.925408: Response was from master KDC
[6177] 1456260255.925452: Received error from KDC:
-1765328361/Password has expired
[6177] 1456260255.925471: Principal expired; getting changepw ticket
[6177] 1456260255.925481: Getting initial credentials for j...@mrjester.net
[6177] 1456260255.925502: Setting initial creds service to kadmin/changepw
[6177] 1456260255.925531: Sending request (156 bytes) to MRJESTER.NET (master)
[6177] 1456260255.926385: Resolving hostname dir0.mrjester.net.
[6177] 1456260255.926895: Sending initial UDP request to dgram 10.8.10.40:88
[6177] 1456260256.927253: Received answer (243 bytes) from dgram 10.8.10.40:88
[6177] 1456260256.927330: Received error from KDC:
-1765328359/Additional pre-authentication required
[6177] 1456260256.927382: Processing preauth types: 136, 19, 2, 133
[6177] 1456260256.927410: Selected etype info: etype aes256-cts, salt
"v7Avt65hL<W[tX9W", params ""
[6177] 1456260256.927421: Received cookie: MIT
Password for j...@mrjester.net:
[6177] 1456260270.337075: AS key obtained for encrypted timestamp:
aes256-cts/5367
[6177] 1456260270.337171: Encrypted timestamp (for 1456260270.339584):
plain 301AA011180F32303136303232333230343433305AA1050203052E80,
encrypted 
3B8ECD496410D61EE4E22E9D990F1B9A78BB60D5C552612E87FAC17B3F0D95762F181315E2788EA60C12290D1887DFFDA1A01E67BB8DAC4F
[6177] 1456260270.337201: Preauth module encrypted_timestamp (2)
(real) returned: 0/Success
[6177] 1456260270.337211: Produced preauth for next request: 133, 2
[6177] 1456260270.337240: Sending request (249 bytes) to MRJESTER.NET (master)
[6177] 1456260270.338678: Resolving hostname dir1.mrjester.net.
[6177] 1456260270.339289: Sending initial UDP request to dgram 10.8.10.41:88
[6177] 1456260270.340389: Received answer (161 bytes) from dgram 10.8.10.41:88
[6177] 1456260270.340438: Received error from KDC: -1765328378/Client
not found in Kerberos database
kinit: Client 'j...@mrjester.net' not found in Kerberos database while
getting initial credentials

On Tue, Feb 23, 2016 at 3:42 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Tue, Feb 23, 2016 at 03:33:31PM -0500, Jester wrote:
>> Made no changes to the system between posting.  Only tried a couple of
>> kinits to generate some logs.
>>
>> Set sssd debug to 9, restarted, did a few kinits.
>
> kinit doesn't hit sssd, but goes directly to the KDC.
>
>>
>> root@nuc0:/var/log/sssd# service sssd start
>> root@nuc0:/var/log/sssd# kinit admin
>> Password for ad...@mrjester.net:
>> root@nuc0:/var/log/sssd# kinit jon
>> kinit: Client 'j...@mrjester.net' not found in Kerberos database while
>
> Again, if you're sure the principal 'jon' exists on the server, then I
> would suggest to try:
>     KRB5_TRACE=/dev/stderr kinit jon
> and see if you talk to the KDC you expect.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
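
Added example, not part of the original mail or of FreeIPA: a small parser for `KRB5_TRACE` output like the trace above that re-joins the mail-wrapped lines, attributes each KDC error to the address that answered, and lists KDCs that report the client as unknown while another KDC recognises it. The sample trace, its addresses and principal, and all function names are constructed for illustration; it assumes every `kinit` run in the trace is for the same principal.

```python
import re
# Constructed sample in the page's trace format (RFC 5737 addresses, made-up principal).
SAMPLE = """\
[100] 1456260239.330215: Received answer (162 bytes) from dgram 192.0.2.41:88
[100] 1456260239.330781: Received error from KDC: -1765328378/Client
not found in Kerberos database
kinit: Client 'alice@EXAMPLE.TEST' not found in Kerberos database while
getting initial credentials
[101] 1456260255.924918: Received answer (164 bytes) from dgram 192.0.2.40:88
[101] 1456260255.925452: Received error from KDC:
-1765328361/Password has expired
[101] 1456260270.340389: Received answer (161 bytes) from dgram 192.0.2.41:88
[101] 1456260270.340438: Received error from KDC: -1765328378/Client
not found in Kerberos database
"""
TRACE = re.compile(r"^\[(\d+)\] \d+\.\d+: (.*)$")
NOISE = re.compile(r"^(kinit: |Password for |\S+@\S+[#$] )")  # assumed non-trace lines
ANSWER = re.compile(r"Received answer \(\d+ bytes\) from \w+ (\S+):\d+$")
ERROR = re.compile(r"Received error from KDC: (-?\d+)/")
UNKNOWN = -1765328378  # code the trace pairs with "Client not found"

def unwrap(text):
    """Return [pid, message] records with wrapped continuation lines re-joined."""
    events, open_rec = [], False
    for line in text.splitlines():
        if m := TRACE.match(line):
            events.append([m.group(1), m.group(2).strip()])
            open_rec = True
        elif NOISE.match(line) or not line.strip():
            open_rec = False  # prompt or kinit output ends the trace record
        elif open_rec:
            events[-1][1] += " " + line.strip()
    return events

def errors_by_kdc(text):
    """Map each answering KDC address to the set of error codes it returned."""
    last_kdc, result = {}, {}
    for pid, msg in unwrap(text):
        if m := ANSWER.search(msg):
            last_kdc[pid] = m.group(1)  # errors that follow belong to this KDC
        elif (m := ERROR.search(msg)) and pid in last_kdc:
            result.setdefault(last_kdc[pid], set()).add(int(m.group(1)))
    return result

def replication_suspects(text):
    """KDCs that only ever answer 'client unknown' while another KDC knows the client."""
    seen = errors_by_kdc(text)
    unknown = {k for k, codes in seen.items() if UNKNOWN in codes}
    knows = {k for k, codes in seen.items() if codes - {UNKNOWN}}
    return sorted(unknown - knows) if knows else []
```

Calling `replication_suspects(SAMPLE)` on the constructed trace returns the one address that never recognised the client; an empty list means the KDCs seen in the trace did not disagree.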
