On Wed, Jun 28, 2017 at 11:09:38PM +0200, Lukas Slebodnik wrote: > On (28/06/17 16:51), Abhijit Tikekar wrote: > >Hi Jakub, > > > >Thanks for the response. > > > >After enabling ldap_use_tokengroups = true, "id" command is now able to > >retrieve all the group memberships for that user. But Authentication still > >doesn't work. > > > >Also tried setting ad_gpo_access_control = permissive / access_provider = > >permit but that didn't help. > > > >I am attaching both krb5_child.log and sssd_domain.log ( Both with Logon > >level 10) here. These were captures during the authentication attempt. > > > > Logs are not from the same time. There is 8 minutes between authentication > attempt an krb5_child.log. > > But I smell a crash in krb5_child.log > > (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] > [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720777: Requesting > tickets for host/[email protected], > +referrals on > (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] > [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720845: Generated > subkey for TGS request: aes256-cts/D868 > (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] > [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.720891: etypes > requested in TGS request: aes256-cts, aes128-cts, > +des3-cbc-sha1, rc4-hmac > (Wed Jun 28 16:02:27 2017) [[sssd[krb5_child[23140]]]] > [sss_child_krb5_trace_cb] (0x4000): [23140] 1498680147.721078: Sending > request (1750 bytes) to ABC.XYZ.LOCAL > (Wed Jun 28 16:02:29 2017) [[sssd[krb5_child[23141]]]] [main] (0x0400): > krb5_child started. > (Wed Jun 28 16:02:29 2017) [[sssd[krb5_child[23141]]]] [unpack_buffer] > (0x1000): total buffer size: [181] > > > Because I would expect different messages at the end "16:02:27" > and we can see only that new child started.
Yes, either a crash, or the back end killed the krb5_child because of a timeout. This could be seen in the matching domain log --either you would see that the child was killed by signal 6 or 11 or similar (=crash) or you would see that the child was killed by the back end due to a time out. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
