> Hi,
>
> I am using FreeIPA version 4.4.0 and an Active Directory trust setup. On the
> Active Directory side I am using a UPN suffix.
>
> Following is my setup.
>
> AD DOMAIN :- corp.addomain.com
> UPN suffix :- usern...@mydomain.com
>
> IPA DOMAIN :- ipa.ipadomain.local
> IPA server hostname :- ilt-gif-ipa01.ipa.ipadomain.local
>
> I am able to log in with an AD user on the IPA server. But on the IPA client I am
> not able to log in; I am getting the login message "Access denied". I have
> enabled debug_level in sssd.conf on the IPA client.
>
> Below are some logs.
> ================
> /var/log/secure
>
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x user=rg1989
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_sss(sshd:auth): received for user e600336: 6 (Permission denied)
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): getting password (0x00000010)
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): pam_get_item returned a password
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: pam_winbind(sshd:auth): internal module error (retval = PAM_AUTHINFO_UNAVAIL(9), user = 'rg1989')
> Nov 16 09:00:52 ipa-clinet1 sshd[3752]: Failed password for rg1989 from x.x.x.x. port 48842 ssh2
> ================
>
> ================
> krb5_child.log
>
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4836]]]] [main] (0x0400): krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400): krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer] (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer] (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true] enterprise principal [false] offline [false] UPN [rajat.gu...@mydomain.com]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname: [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds] (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL in keytab.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [match_principal] (0x1000): Principal matched to the sample (host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL).
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_setup] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400): Will perform online auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [tgt_req_child] (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.416687: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418641: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418698: Retrieving host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM\@MYDOMAIN.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result: -1765328243/Matching credential not found
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.418756: Sending request (164 bytes) to MYDOMAIN.COM
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419718: Retrying AS request with master KDC
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419752: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419778: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419821: Retrieving host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM\@MYDOMAIN.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result: -1765328243/Matching credential not found
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [sss_child_krb5_trace_cb] (0x4000): [4837] 1479283764.419859: Sending request (164 bytes) to MYDOMAIN.COM (master)
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [get_and_save_tgt] (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [map_krb5_error] (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data] (0x0200): Received error code 1432158228
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4837]]]] [main] (0x0400): krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400): krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer] (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer] (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true] enterprise principal [false] offline [false] UPN [rajat.gu...@mydomain.com]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname: [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds] (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_precreate_ccache] (0x4000): Recreating ccache
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [find_principal_in_keytab] (0x4000): Trying to find principal host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL in keytab.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [match_principal] (0x1000): Principal matched to the sample (host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL).
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_setup] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400): Will perform online auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [tgt_req_child] (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.426870: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428706: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428762: Retrieving host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM\@MYDOMAIN.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result: -1765328243/Matching credential not found
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.428825: Sending request (164 bytes) to MYDOMAIN.COM
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429706: Retrying AS request with master KDC
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429740: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429767: FAST armor ccache: MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429812: Retrieving host/ipa-clinet1.ipa.ipadomain.local@IPA.IPADOMAIN.LOCAL -> krb5_ccache_conf_data/fast_avail/krbtgt\/MYDOMAIN.COM\@MYDOMAIN.COM@X-CACHECONF: from MEMORY:/var/lib/sss/db/fast_ccache_IPA.IPADOMAIN.LOCAL with result: -1765328243/Matching credential not found
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [sss_child_krb5_trace_cb] (0x4000): [4838] 1479283764.429854: Sending request (164 bytes) to MYDOMAIN.COM (master)
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [get_and_save_tgt] (0x0020): 1296: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [map_krb5_error] (0x0020): 1365: [-1765328230][Cannot find KDC for realm "MYDOMAIN.COM"]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data] (0x0200): Received error code 1432158228
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4838]]]] [main] (0x0400): krb5_child completed successfully
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400): krb5_child started.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer] (0x1000): total buffer size: [159]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer] (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true] enterprise principal [false] offline [true] UPN [rajat.gu...@mydomain.com]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname: [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds] (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [become_user] (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_setup] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400): Will perform offline auth
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data] (0x0200): Received error code 0
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:24 2016) [[sssd[krb5_child[4839]]]] [main] (0x0400): krb5_child completed successfully
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400): krb5_child started.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer] (0x1000): total buffer size: [52]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [unpack_buffer] (0x0100): cmd [249] uid [1007656917] gid [1007656917] validate [true] enterprise principal [false] offline [true] UPN [rajat.gu...@mydomain.com]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [become_user] (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_setup] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400): Will perform pre-auth
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [tgt_req_child] (0x1000): Attempting to get a TGT
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [MYDOMAIN.COM]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.766694: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.769074: Sending request (164 bytes) to MYDOMAIN.COM
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770020: Retrying AS request with master KDC
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770051: Getting initial credentials for rajat.gu...@mydomain.com
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [sss_child_krb5_trace_cb] (0x4000): [4840] 1479283767.770091: Sending request (164 bytes) to MYDOMAIN.COM (master)
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [get_and_save_tgt] (0x0400): krb5_get_init_creds_password returned [-1765328230} during pre-auth.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data] (0x0200): Received error code 0
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [pack_response_packet] (0x2000): response packet size: [4]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4840]]]] [main] (0x0400): krb5_child completed successfully
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400): krb5_child started.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer] (0x1000): total buffer size: [160]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer] (0x0100): cmd [241] uid [1007656917] gid [1007656917] validate [true] enterprise principal [false] offline [true] UPN [rajat.gu...@mydomain.com]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1007656917] old_ccname: [KEYRING:persistent:1007656917] keytab: [/etc/krb5.keytab]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds] (0x0200): Switch user to [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [sss_krb5_cc_verify_ccache] (0x2000): TGT not found or expired.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_check_old_ccache] (0x4000): Ccache_file is [KEYRING:persistent:1007656917] and is not active and TGT is valid.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user] (0x0200): Trying to become user [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [become_user] (0x0200): Already user [1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_setup] (0x2000): Running as [1007656917][1007656917].
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400): Will perform offline auth
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [create_empty_ccache] (0x1000): Existing ccache still valid, reusing
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data] (0x0200): Received error code 0
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [pack_response_packet] (0x2000): response packet size: [53]
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [k5c_send_data] (0x4000): Response sent.
> (Wed Nov 16 09:09:27 2016) [[sssd[krb5_child[4841]]]] [main] (0x0400): krb5_child completed successfully
>
> =======================
>
> Can you please help me to fix this,
>
> /Rajat

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project