[SSSD-users] Re: Cannot authenticate user from parent domain in a child-domain joined server

Tue, 11 Dec 2018 05:42:58 -0800 

Hi Sumit,

On 2018-12-11 12:32, Sumit Bose wrote:



Now in /var/log/syslog, when I tail -f during sssctl user-checks, I 
get the

error:


	Dec 11 10:59:20 hs-svn-02 [sssd[krb5_child[20446]]]: Server not found 
in

Kerberos database

	Dec 11 10:59:20 hs-svn-02 [sssd[krb5_child[20446]]]: Server not found 
in

Kerberos database


This might be related to Kerberos ticket validation. Please try to add

    krb5_validate = False

to the [domain/...] section of sssd.conf, restart SSSD and try again.



Yep - that did the trick.


Even if this works it would be good to see the output of

    klist -k

as well to see what can be done to make ticket validation work.



This gives:

        root@hs-svn-02:/var/log/sssd# klist -k
        Keytab name: FILE:/etc/krb5.keytab
        KVNO Principal

	---- 
--------------------------------------------------------------------------

           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 HS-SVN-02$@DEVELOPMENT.CSESERV.COM
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 host/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com
           2 RestrictedKrbHost/hs-svn...@development.cseserv.com


Cheers,

Chris
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org






















					Reply via email to