Hi All, Last week I bound my computer to Active Directory and everything was working fine but as of today authentication has started to fail.
SSSD log In the logs (debug = 7) I see: (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_resolve_server_process] (0x0200): Found address for server pmc-dc2.petermac.org.au: [172.23.8.18] TTL 3600 (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100): Constructed uri 'ldap://pmc-dc2.petermac.org.au' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [ad_resolve_callback] (0x0100): Constructed GC uri 'ldap://pmc-dc2.petermac.org.au' (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [write_pipe_handler] (0x0400): All data has been sent! (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child started. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x1000): total buffer size: [136] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): cmd [241] uid [1501] gid [1501] validate [true] enterprise principal [true] offline [false] UPN [Ellul [email protected]] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1501] old_ccname: [not set] keytab: [/etc/krb5.keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [check_use_fast] (0x0100): Not using FAST. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [privileged_krb5_setup] (0x0080): Cannot open the PAC responder socket (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [become_user] (0x0200): Trying to become user [1501][1501]. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): Will perform online auth (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [tgt_req_child] (0x1000): Attempting to get a TGT (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [PETERMAC.ORG.AU] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [validate_tgt] (0x0020): TGT failed verification using key for [[email protected]]. (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [get_and_save_tgt] (0x0020): 1240: [-1765328340][Cannot find key for [email protected] kvno 3 in keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [map_krb5_error] (0x0020): 1301: [-1765328340][Cannot find key for [email protected] kvno 3 in keytab] (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [k5c_send_data] (0x0200): Received error code 1432158209 (Mon May 23 17:18:58 2016) [[sssd[krb5_child[6572]]]] [main] (0x0400): krb5_child completed successfully (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [read_pipe_handler] (0x0400): EOF received, client finished (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [parse_krb5_child_response] (0x1000): child response [1432158209][6][8]. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [check_wait_queue] (0x1000): Wait queue for user [Ellul Jason] is empty. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [krb5_auth_queue_done] (0x1000): krb5_auth_queue request [0x555f73e8b420] done. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Backend returned: (0, 4, <NULL>) [Success] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Sending result [4][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [be_pam_handler_callback] (0x0100): Sent result [4][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x1000): Waiting for child [6572]. (Mon May 23 17:18:58 2016) [sssd[be[petermac.org.au]]] [child_sig_handler] (0x0100): child [6572] finished successfully. (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_dp_process_reply] (0x0200): received: [4 (System error)][petermac.org.au] (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): pam_reply called with result [4]: System error. (Mon May 23 17:18:58 2016) [sssd[pam]] [pam_reply] (0x0200): blen: 32 (Mon May 23 17:18:58 2016) [sssd[pam]] [client_recv] (0x0200): Client disconnected! (Mon May 23 17:18:59 2016) [sssd[nss]] [client_recv] (0x0200): Client disconnected! [root@la35185 jellul]# klist -k -t /etc/krb5.keytab Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal ---- ----------------- -------------------------------------------------------- 2 23/05/16 12:55:53 [email protected] 2 23/05/16 12:55:53 [email protected] 2 23/05/16 12:55:53 [email protected] 2 23/05/16 12:55:53 [email protected] 2 23/05/16 12:55:53 [email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 HOST/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:53 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:54 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:54 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:54 RestrictedKrbHost/[email protected] 2 23/05/16 12:55:54 RestrictedKrbHost/[email protected] Many thanks Jason _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
