Sorry about that.. Bleeping send-button-shortcut. Let me continue.
Command I use to test: ssh userid@subdomain2@localhost The krb5_child.log contains these error messages: [[sssd[krb5_child[5720]]]] [get_and_save_tgt] (0x0400): Attempting kinit for realm [SUBDOMAIN1] [[sssd[krb5_child[5720]]]] [sss_krb5_expire_callback_func] (0x2000): exp_time: [5621224] [[sssd[krb5_child[5720]]]] [validate_tgt] (0x2000): Keytab entry with the realm of the credential not found in keytab. Using the last entry. [[sssd[krb5_child[5720]]]] [validate_tgt] (0x0020): TGT failed verification using key for [RestrictedKrbHost/myclient@SUBDOMAIN1]. [[sssd[krb5_child[5720]]]] [get_and_save_tgt] (0x0020): 1581: [-1765328377][Server not found in Kerberos database] [[sssd[krb5_child[5720]]]] [map_krb5_error] (0x0020): 1657: [-1765328377][Server not found in Kerberos database] I can get it to work using 'krb5_validate = false' but that disables some nice security measure. So.. Anyone that can help me back on track? AKA What did I do wrong this time? 2018-03-05 14:13 GMT+01:00 Roger Martensson <[email protected]>: > Hi! > > It's me again with multiple domain problems. :) > > I have once again problems with multiple domain. This time with login. > Maybe some one of you could explain to me what I did wrong this time. > > OS: Ubuntu 17.10 > SSSD: 1.15.3 > > Domain setup. two subdomain both connected to the same parent domain Both > subdomains contains users. Most of them only contains one domain but some > is found in both. > > Client is connected to subdomain1. I can login with a user on subdomain 1. > When login in to subdomain2 (both using 'su-with-password-prompt' and > 'ssh-to-localhost') I get a System Error 4. > > The log krb_child.log (which sssd_domain.log points to) I see these logs. > (altered some names) > >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
