[SSSD-users] SSSD ad mode issues version sssd-1.12.4-47.el6_7.7.x86_64

Fabien CARRE Thu, 10 Mar 2016 09:14:52 -0800

Hello,
I am experiencing some issues with this version of sssd in ad mode. I am
unable to connect to a computer. But when using the previous version on
another computer (sssd-1.11.6-30.el6.x86_64) it's working fine.


DC : Windows 2012R2
client 1 : centos 6.6 - sssd-1.11.6-30.el6.x86_64
client 2 centos 6.7-  sssd-1.12.4-47.el6_7.7.x86_64

I am attaching the krb5_child.log file.

Has anyone got the same issues ?

Thanks

Regards,

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [main] (0x0400): krb5_child started.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [unpack_buffer] (0x1000): total buffer size: [125]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [unpack_buffer] (0x0100): cmd [241] uid [111111] gid [1111111] validate [true] enterprise principal [true] offline [false] UPN [[email protected]]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [unpack_buffer] (0x2000): No old ccache
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:111111] old_ccname: [not set] keytab: [/etc/krb5.keytab]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [check_use_fast] (0x0100): Not using FAST.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [k5c_precreate_ccache] (0x4000): Recreating ccache
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [become_user] (0x0200): Trying to become user [111111][1111111].
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [main] (0x2000): Running as [111111][1111111].
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [k5c_setup] (0x2000): Running as [111111][1111111].
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [main] (0x0400): Will perform online auth
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [tgt_req_child] (0x1000): Attempting to get a TGT
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [EU.DOMAIN.COM]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.664492: Getting initial credentials for mytest\@[email protected]

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.664581: Sending request (219 bytes) to EU.DOMAIN.COM

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.664766: Sending initial UDP request to dgram 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.665964: Received answer from dgram 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.666054: Response was from master KDC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.666074: Received error from KDC: -1765328359/Additional pre-authentication required

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.666129: Processing preauth types: 16, 15, 19, 2

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.666141: Selected etype info: etype aes256-cts, salt "EU.DOMAIN.COMmytest", params ""

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674366: AS key obtained for encrypted timestamp: aes256-cts/4CD3

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674405: Encrypted timestamp (for 1457629646.674380): plain 301AA011180F32303136303331303137303732365AA10502030A4A4C, encrypted 9AB9B53DFE7ABD21B60679A76950A7CFF70A466FF4455D666D9788720BA9B7EA67F4A9A1C9CBB9DC9A09170ABCEFA1B1C811994E7BFF29AC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674417: Preauth module encrypted_timestamp (2) (flags=1) returned: 0/Success

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674428: Produced preauth for next request: 2

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674443: Sending request (299 bytes) to EU.DOMAIN.COM

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.674491: Sending initial UDP request to dgram 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.675920: Received answer from dgram 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.675993: Response was from master KDC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.676009: Received error from KDC: -1765328332/Response too big for UDP, retry with TCP

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.676017: Request or response is too big for UDP; retrying with TCP

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.676023: Sending request (299 bytes) to EU.DOMAIN.COM (tcp only)

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.676055: Initiating TCP connection to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.676340: Sending TCP request to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677624: Received answer from stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677685: Response was from master KDC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677734: Processing preauth types: 19

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677756: Selected etype info: etype aes256-cts, salt "EU.DOMAIN.COMmytest", params ""

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677763: Produced preauth for next request: (empty)

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677788: AS key determined by preauth: aes256-cts/4CD3

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677871: Decrypted AS reply; session key is: rc4-hmac/A720

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677901: FAST negotiation: unavailable

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [4314436]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [validate_tgt] (0x2000): Found keytab entry with the realm of the credential.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677957: Retrieving host/[email protected] from MEMORY:/etc/krb5.keytab (vno 0, enctype 0) with result: 0/Success

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677966: Resolving unique ccache of type MEMORY

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677980: Initializing MEMORY:ZIyWoF4 with default princ [email protected]

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677989: Removing [email protected] -> krbtgt/[email protected] from MEMORY:ZIyWoF4

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.677996: Storing [email protected] -> krbtgt/[email protected] in MEMORY:ZIyWoF4

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678029: Getting credentials [email protected] -> host/[email protected] using ccache MEMORY:ZIyWoF4

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678049: Retrieving [email protected] -> host/[email protected] from MEMORY:ZIyWoF4 with result: -1765328243/Matching credential not found

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678062: Retrieving [email protected] -> krbtgt/[email protected] from MEMORY:ZIyWoF4 with result: 0/Success

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678069: Found cached TGT for service realm: [email protected] -> krbtgt/[email protected]

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678075: Requesting tickets for host/[email protected], referrals on

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678089: Generated subkey for TGS request: rc4-hmac/4993

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678098: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678185: Sending request (1683 bytes) to EU.DOMAIN.COM

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678249: Initiating TCP connection to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.678480: Sending TCP request to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741482: Received answer from stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741654: Response was from master KDC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741706: TGS request result: -1765328377/Server not found in Kerberos database

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741718: Requesting tickets for host/[email protected], referrals off

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741769: Generated subkey for TGS request: rc4-hmac/2A08

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741784: etypes requested in TGS request: aes256-cts, aes128-cts, des3-cbc-sha1, rc4-hmac

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741859: Sending request (1683 bytes) to EU.DOMAIN.COM

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.741913: Initiating TCP connection to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.742169: Sending TCP request to stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.805000: Received answer from stream 10.218.194.10:88

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.805208: Response was from master KDC

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.805261: TGS request result: -1765328377/Server not found in Kerberos database

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [sss_child_krb5_trace_cb] (0x4000): [9342] 1457629646.805312: Destroying ccache MEMORY:ZIyWoF4

(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [validate_tgt] (0x0020): TGT failed verification using key for [host/[email protected]].
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [get_and_save_tgt] (0x0020): 1007: [-1765328377][Server not found in Kerberos database]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [map_krb5_error] (0x0020): 1069: [-1765328377][Server not found in Kerberos database]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [k5c_send_data] (0x0200): Received error code 1432158209
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [pack_response_packet] (0x2000): response packet size: [20]
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [k5c_send_data] (0x4000): Response sent.
(Thu Mar 10 18:07:26 2016) [[sssd[krb5_child[9342]]]] [main] (0x0400): krb5_child completed successfully

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]

[SSSD-users] SSSD ad mode issues version sssd-1.12.4-47.el6_7.7.x86_64

Reply via email to