On (28/06/17 16:51), Abhijit Tikekar wrote: >Hi Jakub, > >Thanks for the response. > >After enabling ldap_use_tokengroups = true, "id" command is now able to >retrieve all the group memberships for that user. But Authentication still >doesn't work. > >Also tried setting ad_gpo_access_control = permissive / access_provider = >permit but that didn't help. > >I am attaching both krb5_child.log and sssd_domain.log ( Both with Logon >level 10) here. These were captures during the authentication attempt. >
Logs are not from the same time. There is 8 minutes between authentication attempt an krb5_child.log. But I smell a crash in krb5_child.log (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720777: Requesting tickets for host/[email protected], +referrals on (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720845: Generated subkey for TGS request: aes256-cts/D868 (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720891: etypes requested in TGS request: aes256-cts, aes128-cts, +des3-cbc-sha1, rc4-hmac (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.721078: Sending request (1750 bytes) to ABC.XYZ.LOCAL (Wed Jun 28 16:02:29 2017) [[sssd[krb5_child[23141]]]] [main] (0x0400): krb5_child started. (Wed Jun 28 16:02:29 2017) [[sssd[krb5_child[23141]]]] [unpack_buffer] (0x1000): total buffer size: [181] Because I would expect different messages at the end "16:02:27" and we can see only that new child started. LS _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
