On Fri, Jun 08, 2018 at 12:33:05PM +0000, JOHE (John Hearns) wrote:
> sssd version 1.15.0 running on Ubuntu Xenial.
> In my setup sssd is not automatically refreshing computer account tickets
> after 30 days, for some reason.
Do you have any logs? With debug_level=7 or higher the logs should
contains the adcli debug output which might help to understand why it
failed?
>
> I found te msktutil package, which has a cron job which runs msktutil
> --auto-update each day.
> So far so good.
>
> However msktutil --auto-update fails but msktutil --update works OK.
> Can anyone drop me a hint please why this might be so?
> Snippets from the verbose output below.
>
> /usr/sbin/msktutil --verbose --auto-update
> -- get_default_keytab: Obtaining the default keytab name:
> FILE:/etc/krb5.keytab
> -- create_fake_krb5_conf: Created a fake krb5.conf file:
> /tmp/.msktkrb5.conf-V1URdr
> -- reload: Reloading Kerberos Context
> -- finalize_exec: SAM Account Name is: and$
> -- try_machine_keytab_princ: Trying to authenticate for and$ from local
> keytab...
> -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed
> (Preauthentication failed)
This is the typical error code for wrong password/wrong key. Maybe you
can run both commands with
KRB5_TRACE=/dev/stdout /usr/sbin/msktutil ...
to see if there is any difference?
HTH
bye,
Sumit
> -- try_machine_keytab_princ: Authentication with keytab failed
>
>
>
>
>
> /usr/sbin/msktutil --verbose --update
> -- get_default_keytab: Obtaining the default keytab name:
> FILE:/etc/krb5.keytab
> -- create_fake_krb5_conf: Created a fake krb5.conf file:
> /tmp/.msktkrb5.conf-QXmuHN
> -- reload: Reloading Kerberos Context
> -- finalize_exec: SAM Account Name is: and$
> -- try_machine_keytab_princ: Trying to authenticate for and$ from local
> keytab...
> -- switch_default_ccache: Using the local credential cache:
> FILE:/tmp/.mskt_krb5_ccache-ZChBdy
> -- finalize_exec: Authenticated using method 1
>
>
>
>
>
>
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/[email protected]/message/M6PRA5MJYZLF4BBGAGM4RXMJSNK2VRJ6/
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZLCMOSTZC7JBIIJQKO3RKMY5DTYLUJMH/
