Sumit, Raised the debug level to 10 and let it run for about 24 hours. Uploading the last 2000~ lines of the sssd_domain.com.log. Thanks for your help!
https://pastebin.com/MD6N1Dj7 Jeff Hallyburton Strategic Systems Engineer Bloomip Inc. Web: http://www.bloomip.com Engineering Support: supp...@bloomip.com Billing Support: bill...@bloomip.com Customer Support Portal: https://my.bloomip.com <http://my.bloomip.com/> On Tue, Apr 19, 2016 at 1:14 PM, Jeff Hallyburton < jeff.hallybur...@bloomip.com> wrote: > Sumit, > > Raised the debug level to 10 and let it run for about 24 hours. Uploading > the full sssd_domain.com.log. Thanks for your help! > > Jeff > > Jeff Hallyburton > Strategic Systems Engineer > Bloomip Inc. > Web: http://www.bloomip.com > > Engineering Support: supp...@bloomip.com > Billing Support: bill...@bloomip.com > Customer Support Portal: https://my.bloomip.com <http://my.bloomip.com/> > > On Mon, Apr 18, 2016 at 10:58 AM, Sumit Bose <sb...@redhat.com> wrote: > >> On Fri, Apr 15, 2016 at 04:47:42PM -0400, Jeff Hallyburton wrote: >> > After setting debug_level=8, this is what I see in the sssd_domain_log: >> >> Unfortunately the domain log and the krb5_child log do not relate to >> each other. >> >> > >> > (Fri Apr 15 20:10:46 2016) [sssd[be[example.com]]] >> [child_handler_setup] >> > (0x2000): Setting up signal handler up for pid [32382] >> > >> >> .... >> >> > >> > (Fri Apr 15 20:32:47 2016) [[sssd[krb5_child[32731]]]] [k5c_setup_fast] >> > (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ >> > jump02.west-2.production.example....@example.com] >> > >> >> ... >> >> > (Fri Apr 15 20:32:47 2016) [[sssd[krb5_child[32731]]]] >> [get_and_save_tgt] >> > (0x0400): krb5_get_init_creds_password returned [-1765328324} during >> > pre-auth. >> > >> > >> > Can you shed any light on this? >> > >> >> In the domain log the child with the pid 32382 is started to run a >> pre-authentication request. The request is needed to find out which kind >> of authentication types are available for the user, e.g. password or >> 2-factor authentication with the OTP token. The request in the child >> with the PID 32731 looks like a real authentication request with returns >> with an error code -1765328324 which just means 'Generic error' but >> might have cause SSSD to go offline. >> >> I would like to ask you to run the test again with debug_level=10 in the >> [domain/...] section of sssd.conf which would enable some low level >> Kerberos tracing messages which might help to understand what kind of >> 'Generic error' was hit here. Additionally I would like ask you to send >> the full log files as attachment or in an archive which would hep be to >> better navigate through them. >> >> bye, >> Sumit >> > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project