[SSSD-users] Re: Problem with case sensitivity in Keytab

[Patrice Peterson]

Hi, thanks for taking the time to look at this!

The domain log file is pretty long at debug_level = 6, so I hope I've trimmed 
it down to the snippet that could be of interest (FQDN redacted):

    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [sdap_kinit_send] 
(0x0400): Attempting kinit (default, host/fqdn, XD.UNI-HALLE.DE, 86400)
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] 
[fo_resolve_service_send] (0x0100): Trying to resolve service 'AD'
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [resolve_srv_send] 
(0x0200): The status of SRV lookup is resolved
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] 
[be_resolve_server_process] (0x0200): Found address for server 
xd-dc02.xd.uni-halle.de: [172.30.10.2] TTL 3600
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] 
[create_tgt_req_send_buffer] (0x0400): buffer size: 84
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] 
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [write_pipe_handler] 
(0x0400): All data has been sent!
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [child_sig_handler] 
(0x0100): child [24138] finished successfully.
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [read_pipe_handler] 
(0x0400): EOF received, client finished
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [sdap_get_tgt_recv] 
(0x0400): Child responded: 14 [Client not found in Kerberos database], expired 
on [0]
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] [sdap_kinit_done] 
(0x0100): Could not get TGT: 14 [Bad address]
    (Mon Feb 22 21:22:12 2016) [sssd[be[xd.uni-halle.de]]] 
[sdap_cli_kinit_done] (0x0400): Cannot get a TGT: ret 
[1432158219](Authentication Failed)

ldap_child.log (debug_level = 6, I hope—I set the debug level under the [sssd] 
and [domain/foo] sections. FQDN redacted):

    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [main] (0x0400): 
ldap_child started.
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [unpack_buffer] 
(0x0200): Will run as [0][0].
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [become_user] 
(0x0200): Trying to become user [0][0].
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [become_user] 
(0x0200): Already user [0].
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] 
[ldap_child_get_tgt_sync] (0x0100): Principal name is: 
[host/f...@xd.uni-halle.de]
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] 
[ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] 
[ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: Client 
'host/f...@xd.uni-halle.de' not found in Kerberos database
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [main] (0x0020): 
ldap_child_get_tgt_sync failed.
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [prepare_response] 
(0x0400): Building response for result [-1765328378]
    (Mon Feb 22 21:21:10 2016) [[sssd[ldap_child[23472]]]] [main] (0x0400): 
ldap_child completed successfully

This happens over and over.

-Patrice
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org