On Fri, Jun 08, 2018 at 12:33:05PM +0000, JOHE (John Hearns) wrote: > sssd version 1.15.0 running on Ubuntu Xenial. > In my setup sssd is not automatically refreshing computer account tickets > after 30 days, for some reason.
Do you have any logs? With debug_level=7 or higher the logs should contains the adcli debug output which might help to understand why it failed? > > I found te msktutil package, which has a cron job which runs msktutil > --auto-update each day. > So far so good. > > However msktutil --auto-update fails but msktutil --update works OK. > Can anyone drop me a hint please why this might be so? > Snippets from the verbose output below. > > /usr/sbin/msktutil --verbose --auto-update > -- get_default_keytab: Obtaining the default keytab name: > FILE:/etc/krb5.keytab > -- create_fake_krb5_conf: Created a fake krb5.conf file: > /tmp/.msktkrb5.conf-V1URdr > -- reload: Reloading Kerberos Context > -- finalize_exec: SAM Account Name is: and$ > -- try_machine_keytab_princ: Trying to authenticate for and$ from local > keytab... > -- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed > (Preauthentication failed) This is the typical error code for wrong password/wrong key. Maybe you can run both commands with KRB5_TRACE=/dev/stdout /usr/sbin/msktutil ... to see if there is any difference? HTH bye, Sumit > -- try_machine_keytab_princ: Authentication with keytab failed > > > > > > /usr/sbin/msktutil --verbose --update > -- get_default_keytab: Obtaining the default keytab name: > FILE:/etc/krb5.keytab > -- create_fake_krb5_conf: Created a fake krb5.conf file: > /tmp/.msktkrb5.conf-QXmuHN > -- reload: Reloading Kerberos Context > -- finalize_exec: SAM Account Name is: and$ > -- try_machine_keytab_princ: Trying to authenticate for and$ from local > keytab... > -- switch_default_ccache: Using the local credential cache: > FILE:/tmp/.mskt_krb5_ccache-ZChBdy > -- finalize_exec: Authenticated using method 1 > > > > > > > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/M6PRA5MJYZLF4BBGAGM4RXMJSNK2VRJ6/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/ZLCMOSTZC7JBIIJQKO3RKMY5DTYLUJMH/