The "KRB5_TRACE=/dev/stderr kinit jon" command helped out immensely by
pointing out that it was failing on dir1, but not dir0.

Turns out it was a DNS issue on my second directory server was breaking

Thank you for the assistance.

On Tue, Feb 23, 2016 at 3:42 PM, Jakub Hrozek <> wrote:

> On Tue, Feb 23, 2016 at 03:33:31PM -0500, Jester wrote:
> > Made no changes to the system between posting.  Only tried a couple of
> > kinits to generate some logs.
> >
> > Set sssd debug to 9, restarted, did a few kinits.
> kinit doesn't hit sssd, but goes directly to the KDC.
> >
> > root@nuc0:/var/log/sssd# service sssd start
> > root@nuc0:/var/log/sssd# kinit admin
> > Password for
> > root@nuc0:/var/log/sssd# kinit jon
> > kinit: Client '' not found in Kerberos database while
> Again, if you're sure the principal 'jon' exists on the server, then I
> would suggest to try:
>     KRB5_TRACE=/dev/stderr kinit jon
> and see if you talk to the KDC you expect.
Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to