>
> Hi,
>

> I am using FreeIPA  version 4.4.0 and Active Directory trust setup.  on
> Active Directory side I am using UPN suffix.
>
> Following are my  setup.
>
> AD DOMANIN :- corp.addomain.com <http://corp.addomain.com>
> UPN suffix :- usern...@mydomain.com <mailto:usern...@mydomain.com>
>
> IPA DOMAIN :- ipa.ipadomain.local
> IPA server hostname:- ilt-gif-ipa01.ipa.ipadomain.local
>
>
> I am able to login with AD user on IPA server. But on IPA clinet i am
> not able to login i am getting the login message "Access denied". I have
> enabled the debug_level on sssd.conf on ipa client.
>
> below are some logs..
> ================
> /var/log/secure
>
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=x.x.x.x user=rg1989
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): received for
> user e600336: 6 (Permission denied)
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): getting
> password (0x00000010)
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth):
> pam_get_item returned a password
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): internal
> module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'rg1989')
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: Failed password for rg1989 from
> x.x.x.x. port 48842 ssh2
> ================
>
> ================
> krb5_child.log
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> enterprise principal [false] offline [false] UPN
> [rajat.gu...@mydomain.com <mailto:rajat.gu...@mydomain.com>]
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is
> [KEYRING:persistent:1007656917] and is not active and TGT is  valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> [host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [find_principal_in_keytab] (0x4000): Trying to find principal
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL in keytab.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [match_principal]
> (0x1000): Principal matched to the sample
> (host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL).
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x2000):
> Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup]
> (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [set_lifetime_options] (0x0100): Cannot read
> [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> Will perform online auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [MYDOMAIN.COM <http://MYDOMAIN.COM>]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.416687: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418641: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418698: Retrieving
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> <http://MYDOMAIN.COM>\@MYDOMAIN.COM@X-CACHECONF: from
> MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> -1765328243/Matching credential not found
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418756: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419718: Retrying
> AS request with master KDC
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419752: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419778: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419821: Retrieving
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> <http://MYDOMAIN.COM>\@MYDOMAIN.COM@X-CACHECONF: from
> MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> -1765328243/Matching credential not found
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419859: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM> (master)
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt]
> (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> <http://MYDOMAIN.COM>"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [map_krb5_error]
> (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> <http://MYDOMAIN.COM>"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> (0x0200): Received error code 1432158228
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> enterprise principal [false] offline [false] UPN
> [rajat.gu...@mydomain.com <mailto:rajat.gu...@mydomain.com>]
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is
> [KEYRING:persistent:1007656917] and is not active and TGT is  valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup_fast]
> (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to
> [host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [find_principal_in_keytab] (0x4000): Trying to find principal
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL in keytab.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [match_principal]
> (0x1000): Principal matched to the sample
> (host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL).
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x2000):
> Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup]
> (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [set_lifetime_options] (0x0100): Cannot read
> [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> Will perform online auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [MYDOMAIN.COM <http://MYDOMAIN.COM>]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.426870: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428706: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428762: Retrieving
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> <http://MYDOMAIN.COM>\@MYDOMAIN.COM@X-CACHECONF: from
> MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> -1765328243/Matching credential not found
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428825: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429706: Retrying
> AS request with master KDC
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429740: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429767: FAST armor
> ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429812: Retrieving
> host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL ->
> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM
> <http://MYDOMAIN.COM>\@MYDOMAIN.COM@X-CACHECONF: from
> MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result:
> -1765328243/Matching credential not found
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429854: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM> (master)
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt]
> (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> <http://MYDOMAIN.COM>"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [map_krb5_error]
> (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM
> <http://MYDOMAIN.COM>"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> (0x0200): Received error code 1432158228
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> enterprise principal [false] offline [true] UPN
> [rajat.gu...@mydomain.com <mailto:rajat.gu...@mydomain.com>]
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is
> [KEYRING:persistent:1007656917] and is not active and TGT is  valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x2000):
> Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user]
> (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_setup]
> (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [set_lifetime_options] (0x0100): Cannot read
> [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> Will perform offline auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]]
> [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> (0x1000): total buffer size: [52]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer]
> (0x0100): cmd [249] uid [1007656917] gid [1007656917] validate [true]
> enterprise principal [false] offline [true] UPN
> [rajat.gu...@mydomain.com <mailto:rajat.gu...@mydomain.com>]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x2000):
> Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user]
> (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_setup]
> (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [set_lifetime_options] (0x0100): Cannot read
> [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> Will perform pre-auth
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [tgt_req_child]
> (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt]
> (0x0400): Attempting kinit for realm [MYDOMAIN.COM <http://MYDOMAIN.COM>]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.766694: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.769074: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM>
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770020: Retrying
> AS request with master KDC
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770051: Getting
> initial credentials for rajat.gu...@mydomain.com
> <mailto:rajat.gu...@mydomain.com>
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770091: Sending
> request (164 bytes) to MYDOMAIN.COM <http://MYDOMAIN.COM> (master)
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt]
> (0x0400): krb5_get_init_creds_password returned [-1765328230} during
> pre-auth.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]]
> [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400):
> krb5_child completed successfully
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> krb5_child started.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> (0x1000): total buffer size: [160]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true]
> enterprise principal [false] offline [true] UPN
> [rajat.gu...@mydomain.com <mailto:rajat.gu...@mydomain.com>]
>
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer]
> (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname:
> [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds]
> (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [k5c_check_old_ccache] (0x4000): Ccache_file is
> [KEYRING:persistent:1007656917] and is not active and TGT is  valid.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x2000):
> Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user]
> (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_setup]
> (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [set_lifetime_options] (0x0100): Cannot read
> [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from
> environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> Will perform offline auth
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> (0x0200): Received error code 0
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]]
> [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data]
> (0x4000): Response sent.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400):
> krb5_child completed successfully
>
> =======================
>
> Can you please help me to fix this,
>
> /Rajat
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to