Sumit Bose wrote:
Please send the full krb5_child.log with debug_level=10 in the
[domain/...] section of sssd.conf. My current guess is the ticket
validation fails. Which version of SSSD are you using?

bye,
Sumit


This is a CentOS 7 client running SSSD-1.13

Thank you. Lots of interesting info in this log. I've sanitized hostnames, username and IP but that was it:

### log data below ####


(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400): krb5_child started. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [unpack_buffer] (0x1000): total buffer size: [52] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [unpack_buffer] (0x0100): cmd [249] uid [1843770609] gid [1843770609] validate [true] enterprise principal [false] offline [false] UPN [usern...@company.org] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/usaeilvdip001.company-aws....@company-idm.org] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/usaeilvdip001.company-aws....@company-idm.org in keytab. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [match_principal] (0x1000): Principal matched to the sample (host/usaeilvdip001.company-aws....@company-idm.org). (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [become_user] (0x0200): Trying to become user [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_setup] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400): Will perform pre-auth (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [COMPANY.ORG] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455849: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455913: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455943: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.455988: Sending request (169 bytes) to COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.456104: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.457461: Initiating TCP connection to stream 192.141.1.62:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.544892: Sending TCP request to stream 192.141.1.62:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.632904: Received answer (118 bytes) from stream 192.141.1.62:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.632941: Terminating TCP connection to stream 192.141.1.62:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633006: Response was from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633037: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633070: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633087: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633137: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.633176: Sending request (181 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.638652: Resolving hostname usetwadsfsmo04.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.639637: Sending initial UDP request to dgram 192.189.131.31:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657192: Received answer (205 bytes) from dgram 192.189.131.31:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657943: Response was not from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.657987: Received error from KDC: -1765328359/Additional pre-authentication required

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658021: Processing preauth types: 16, 15, 19, 2

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658041: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_krb5_prompter] (0x0020): Cannot handle password prompts. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658071: Preauth module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read password

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658090: Retrying AS request with master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658098: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658117: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658141: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658164: Sending request (169 bytes) to COMPANY.ORG (master)

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.658181: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.659023: Initiating TCP connection to stream 192.189.131.10:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.675608: Sending TCP request to stream 192.189.131.10:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692668: Received answer (118 bytes) from stream 192.189.131.10:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692717: Terminating TCP connection to stream 192.189.131.10:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692773: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692789: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692806: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692842: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [sss_child_krb5_trace_cb] (0x4000): [4366] 1479830563.692878: Sending request (181 bytes) to NAFTA.COMPANY.ORG (master)

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328254} during pre-auth. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_send_data] (0x0200): Received error code 0 (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [pack_response_packet] (0x2000): response packet size: [4] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [k5c_send_data] (0x4000): Response sent. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4366]]]] [main] (0x0400): krb5_child completed successfully (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400): krb5_child started. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer] (0x1000): total buffer size: [158] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer] (0x0100): cmd [241] uid [1843770609] gid [1843770609] validate [true] enterprise principal [false] offline [false] UPN [usern...@company.org] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1843770609] old_ccname: [KEYRING:persistent:1843770609] keytab: [/etc/krb5.keytab] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [switch_creds] (0x0200): Switch user to [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [switch_creds] (0x0200): Switch user to [0][0]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1843770609] and is not active and TGT is valid. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_precreate_ccache] (0x4000): Recreating ccache (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/usaeilvdip001.company-aws....@company-idm.org] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/usaeilvdip001.company-aws....@company-idm.org in keytab. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [match_principal] (0x1000): Principal matched to the sample (host/usaeilvdip001.company-aws....@company-idm.org). (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [become_user] (0x0200): Trying to become user [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [k5c_setup] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400): Will perform online auth (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [COMPANY.ORG] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708701: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708766: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708797: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708845: Sending request (169 bytes) to COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.708968: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.710135: Initiating TCP connection to stream 192.141.1.63:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.796151: Sending TCP request to stream 192.141.1.63:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882766: Received answer (118 bytes) from stream 192.141.1.63:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882802: Terminating TCP connection to stream 192.141.1.63:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882886: Response was from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882924: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882941: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882956: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.882984: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.883019: Sending request (181 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.888739: Resolving hostname usetwadsgc06.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.889684: Sending initial UDP request to dgram 192.189.132.21:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.911271: Received answer (205 bytes) from dgram 192.189.132.21:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912054: Response was not from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912092: Received error from KDC: -1765328359/Additional pre-authentication required

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912126: Processing preauth types: 16, 15, 19, 2

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.912145: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920736: AS key obtained for encrypted timestamp: aes256-cts/3D3B

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920813: Encrypted timestamp (for 1479830563.304057): plain 301AA011180F32303136313132323136303234335AA105020304A3B9, encrypted D2B644646EA65470D011BB1C63145BAB3DB096C644CC47DD7D23A2C4E51C4F42357493825530FFF5E852DEE96D794CD33492279CB85A8E8D

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920835: Preauth module encrypted_timestamp (2) (real) returned: 0/Success

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920843: Produced preauth for next request: 2

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.920879: Sending request (260 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.926274: Resolving hostname usetwadsgc06.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.927107: Sending initial UDP request to dgram 192.189.132.21:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.946258: Received answer (108 bytes) from dgram 192.189.132.21:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947022: Response was not from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947057: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947068: Request or response is too big for UDP; retrying with TCP

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.947078: Sending request (260 bytes) to NAFTA.COMPANY.ORG (tcp only)

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.949638: Resolving hostname usetwadsfsmo03.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.950847: Initiating TCP connection to stream 192.189.131.30:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.967068: Sending TCP request to stream 192.189.131.30:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.985509: Received answer (2127 bytes) from stream 192.189.131.30:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.985549: Terminating TCP connection to stream 192.189.131.30:88

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986327: Response was not from master KDC

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986373: Processing preauth types: 19

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986395: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986405: Produced preauth for next request: (empty)

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986416: AS key determined by preauth: aes256-cts/3D3B

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986487: Decrypted AS reply; session key is: aes256-cts/6F15

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986501: FAST negotiation: unavailable

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [3966065] (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [validate_tgt] (0x2000): Keytab entry with the realm of the credential not found in keytab. Using the last entry. (Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986574: Retrieving host/usaeilvdip001.company-aws....@company-idm.org from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986582: Resolving unique ccache of type MEMORY

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986596: Initializing MEMORY:yWXP1Fr with default princ usern...@nafta.company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986605: Storing usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org in MEMORY:yWXP1Fr

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986624: Getting credentials usern...@nafta.company.org -> host/usaeilvdip001.company-aws....@company-idm.org using ccache MEMORY:yWXP1Fr

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986650: Retrieving usern...@nafta.company.org -> host/usaeilvdip001.company-aws....@company-idm.org from MEMORY:yWXP1Fr with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986665: Retrieving usern...@nafta.company.org -> krbtgt/company-idm....@company-idm.org from MEMORY:yWXP1Fr with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986679: Retrieving usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org from MEMORY:yWXP1Fr with result: 0/Success

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986687: Starting with TGT for client realm: usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986702: Retrieving usern...@nafta.company.org -> krbtgt/company-idm....@company-idm.org from MEMORY:yWXP1Fr with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986711: Requesting TGT krbtgt/company-idm....@nafta.company.org using TGT krbtgt/nafta.company....@nafta.company.org

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986728: Generated subkey for TGS request: aes256-cts/52B3

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986768: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986829: Encoding request body and padata into FAST request

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.986884: Sending request (2297 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.992252: Resolving hostname usetwadsfsmo04.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:43 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830563.993077: Sending initial UDP request to dgram 192.189.131.31:88

(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.10283: Received answer (105 bytes) from dgram 192.189.131.31:88

(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11260: Response was not from master KDC

(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11300: TGS request result: -1765328377/Server not found in Kerberos database

(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [sss_child_krb5_trace_cb] (0x4000): [4367] 1479830564.11322: Destroying ccache MEMORY:yWXP1Fr

(Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [validate_tgt] (0x0020): TGT failed verification using key for [host/usaeilvdip001.company-aws....@company-idm.org]. (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [get_and_save_tgt] (0x0020): 1242: [-1765328377][Server not found in Kerberos database] (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [map_krb5_error] (0x0020): 1303: [-1765328377][Server not found in Kerberos database] (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [pack_response_packet] (0x2000): response packet size: [20] (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [k5c_send_data] (0x4000): Response sent. (Tue Nov 22 16:02:44 2016) [[sssd[krb5_child[4367]]]] [main] (0x0400): krb5_child completed successfully (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400): krb5_child started. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [unpack_buffer] (0x1000): total buffer size: [52] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [unpack_buffer] (0x0100): cmd [249] uid [1843770609] gid [1843770609] validate [true] enterprise principal [false] offline [false] UPN [usern...@company.org] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/usaeilvdip001.company-aws....@company-idm.org] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/usaeilvdip001.company-aws....@company-idm.org in keytab. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [match_principal] (0x1000): Principal matched to the sample (host/usaeilvdip001.company-aws....@company-idm.org). (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [become_user] (0x0200): Trying to become user [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_setup] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400): Will perform pre-auth (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [COMPANY.ORG] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646744: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646810: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646840: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.646884: Sending request (169 bytes) to COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.647003: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.648291: Initiating TCP connection to stream 192.141.1.10:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.734271: Sending TCP request to stream 192.141.1.10:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820703: Received answer (118 bytes) from stream 192.141.1.10:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820748: Terminating TCP connection to stream 192.141.1.10:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820812: Response was from master KDC

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820843: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820866: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820888: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820931: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.820969: Sending request (181 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.827033: Resolving hostname usetwadsgc06.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.827943: Sending initial UDP request to dgram 192.189.132.21:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.847365: Received answer (205 bytes) from dgram 192.189.132.21:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848133: Response was not from master KDC

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848172: Received error from KDC: -1765328359/Additional pre-authentication required

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848215: Processing preauth types: 16, 15, 19, 2

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848235: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_krb5_prompter] (0x0020): Cannot handle password prompts. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848264: Preauth module encrypted_timestamp (2) (real) returned: -1765328254/Cannot read password

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848283: Retrying AS request with master KDC

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848291: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848309: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848331: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848355: Sending request (169 bytes) to COMPANY.ORG (master)

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.848371: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.849169: Initiating TCP connection to stream 192.189.131.28:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.866111: Sending TCP request to stream 192.189.131.28:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883592: Received answer (118 bytes) from stream 192.189.131.28:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883625: Terminating TCP connection to stream 192.189.131.28:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883676: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883692: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883709: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883744: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [sss_child_krb5_trace_cb] (0x4000): [4368] 1479830567.883778: Sending request (181 bytes) to NAFTA.COMPANY.ORG (master)

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328254} during pre-auth. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_send_data] (0x0200): Received error code 0 (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [pack_response_packet] (0x2000): response packet size: [4] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [k5c_send_data] (0x4000): Response sent. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4368]]]] [main] (0x0400): krb5_child completed successfully (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400): krb5_child started. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer] (0x1000): total buffer size: [158] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer] (0x0100): cmd [241] uid [1843770609] gid [1843770609] validate [true] enterprise principal [false] offline [false] UPN [usern...@company.org] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1843770609] old_ccname: [KEYRING:persistent:1843770609] keytab: [/etc/krb5.keytab] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [switch_creds] (0x0200): Switch user to [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [switch_creds] (0x0200): Switch user to [0][0]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1843770609] and is not active and TGT is valid. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_precreate_ccache] (0x4000): Recreating ccache (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/usaeilvdip001.company-aws....@company-idm.org] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/usaeilvdip001.company-aws....@company-idm.org in keytab. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [match_principal] (0x1000): Principal matched to the sample (host/usaeilvdip001.company-aws....@company-idm.org). (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [become_user] (0x0200): Trying to become user [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [k5c_setup] (0x2000): Running as [1843770609][1843770609]. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400): Will perform online auth (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [COMPANY.ORG] (Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899271: Getting initial credentials for usern...@company.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899337: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899368: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/COMPANY.ORG\@COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899415: Sending request (169 bytes) to COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.899575: Resolving hostname COMPANY.ORG

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.900935: Initiating TCP connection to stream 192.141.1.15:88

(Tue Nov 22 16:02:47 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830567.987925: Sending TCP request to stream 192.141.1.15:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75357: Received answer (118 bytes) from stream 192.141.1.15:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75404: Terminating TCP connection to stream 192.141.1.15:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75502: Response was from master KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75529: Received error from KDC: -1765328316/Realm not local to KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75544: Following referral to realm NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75559: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75586: Retrieving host/usaeilvdip001.company-aws....@company-idm.org -> krb5_ccache_conf_data/fast_avail/krbtgt\/NAFTA.COMPANY.ORG\@NAFTA.COMPANY.ORG@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_company-idm.org with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.75621: Sending request (181 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.81119: Resolving hostname usetwadsfsmo03.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.81947: Sending initial UDP request to dgram 192.189.131.30:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.99200: Received answer (205 bytes) from dgram 192.189.131.30:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100064: Response was not from master KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100103: Received error from KDC: -1765328359/Additional pre-authentication required

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100136: Processing preauth types: 16, 15, 19, 2

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.100155: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108691: AS key obtained for encrypted timestamp: aes256-cts/3D3B

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108766: Encrypted timestamp (for 1479830568.478875): plain 301AA011180F32303136313132323136303234385AA1050203074E9B, encrypted 133359586FCB362BF70E6CC90D509C68D6B19903CE0113AD37826E22256090F77B2B7F0BE410C1D7E72F890C437A77FE4BE1DA21848F6209

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108787: Preauth module encrypted_timestamp (2) (real) returned: 0/Success

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108794: Produced preauth for next request: 2

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.108829: Sending request (260 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.114751: Resolving hostname usetwadsfsmo03.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.115601: Sending initial UDP request to dgram 192.189.131.30:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.133353: Received answer (108 bytes) from dgram 192.189.131.30:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134326: Response was not from master KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134360: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134370: Request or response is too big for UDP; retrying with TCP

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.134379: Sending request (260 bytes) to NAFTA.COMPANY.ORG (tcp only)

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.137246: Resolving hostname friawadsgc12.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.138084: Initiating TCP connection to stream 192.141.1.52:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.224054: Sending TCP request to stream 192.141.1.52:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.311440: Received answer (2178 bytes) from stream 192.141.1.52:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.311483: Terminating TCP connection to stream 192.141.1.52:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312325: Response was not from master KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312369: Processing preauth types: 19

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312381: Selected etype info: etype aes256-cts, salt "NAFTA.COMPANY.ORGusername", params ""

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312390: Produced preauth for next request: (empty)

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312401: AS key determined by preauth: aes256-cts/3D3B

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312459: Decrypted AS reply; session key is: aes256-cts/43A1

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312498: FAST negotiation: unavailable

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [3966060] (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [validate_tgt] (0x2000): Keytab entry with the realm of the credential not found in keytab. Using the last entry. (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312579: Retrieving host/usaeilvdip001.company-aws....@company-idm.org from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312588: Resolving unique ccache of type MEMORY

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312602: Initializing MEMORY:Fnv4hCg with default princ usern...@nafta.company.org

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312621: Storing usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org in MEMORY:Fnv4hCg

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312642: Getting credentials usern...@nafta.company.org -> host/usaeilvdip001.company-aws....@company-idm.org using ccache MEMORY:Fnv4hCg

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312668: Retrieving usern...@nafta.company.org -> host/usaeilvdip001.company-aws....@company-idm.org from MEMORY:Fnv4hCg with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312683: Retrieving usern...@nafta.company.org -> krbtgt/company-idm....@company-idm.org from MEMORY:Fnv4hCg with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312698: Retrieving usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org from MEMORY:Fnv4hCg with result: 0/Success

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312706: Starting with TGT for client realm: usern...@nafta.company.org -> krbtgt/nafta.company....@nafta.company.org

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312721: Retrieving usern...@nafta.company.org -> krbtgt/company-idm....@company-idm.org from MEMORY:Fnv4hCg with result: -1765328243/Matching credential not found

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312729: Requesting TGT krbtgt/company-idm....@nafta.company.org using TGT krbtgt/nafta.company....@nafta.company.org

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312747: Generated subkey for TGS request: aes256-cts/57A1

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312787: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac, camellia128-cts, camellia256-cts

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312840: Encoding request body and padata into FAST request

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.312894: Sending request (2313 bytes) to NAFTA.COMPANY.ORG

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.318783: Resolving hostname friawadsgc02.nafta.COMPANY.ORG.

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.319777: Sending initial UDP request to dgram 192.141.1.11:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.406882: Received answer (105 bytes) from dgram 192.141.1.11:88

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407810: Response was not from master KDC

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407847: TGS request result: -1765328377/Server not found in Kerberos database

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [sss_child_krb5_trace_cb] (0x4000): [4369] 1479830568.407869: Destroying ccache MEMORY:Fnv4hCg

(Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [validate_tgt] (0x0020): TGT failed verification using key for [host/usaeilvdip001.company-aws....@company-idm.org]. (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [get_and_save_tgt] (0x0020): 1242: [-1765328377][Server not found in Kerberos database] (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [map_krb5_error] (0x0020): 1303: [-1765328377][Server not found in Kerberos database] (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [pack_response_packet] (0x2000): response packet size: [20] (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [k5c_send_data] (0x4000): Response sent. (Tue Nov 22 16:02:48 2016) [[sssd[krb5_child[4369]]]] [main] (0x0400): krb5_child completed successfully
[root@usaeilvdip001 sssd]#


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to