On Tue, Feb 05, 2019 at 10:13:41PM -0000, Ian Puleston wrote:
> Thanks for the suggestion Sumit. Your kinit command gave this output:
> 
> kinit: Pre-authentication failed: Permission denied while getting initial 
> credentials
> 
> I wasn't sure if I should run that direct from my domain user account or with 
> su privilege, so tried the same with sudo and that gave:
> 
> kinit: Keytab contains no suitable keys for [email protected] 
> while getting initial credentials

Are you sure you quoted the trailing '$' in the principal name? e.g. you
should call this:
    kinit -k '[email protected]'

> 
> ldap_child.log contains just this (repeatedly):
> 
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [main] (0x0400): 
> ldap_child started.
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [unpack_buffer] 
> (0x0200): Will run as [0][0].
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [become_user] 
> (0x0200): Trying to become user [0][0].
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [become_user] 
> (0x0200): Already user [0].
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] 
> [ldap_child_get_tgt_sync] (0x0100): Principal name is: 
> [[email protected]]
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] 
> [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13904]]]] 
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: 
> Preauthentication failed
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13904]]]] [main] (0x0020): 
> ldap_child_get_tgt_sync failed.
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13904]]]] [prepare_response] 
> (0x0400): Building response for result [-1765328360]
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13904]]]] [main] (0x0400): 
> ldap_child completed successfully
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] 
> [ldap_child_get_tgt_sync] (0x0010): Failed to init credentials: 
> Preauthentication failed

This means the machine credentials in the keytab cannot be used to
authenticate to the server; most probably the client has to be re-joined
or the keytab otherwise regenerated.

> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [main] (0x0020): 
> ldap_child_get_tgt_sync failed.
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [prepare_response] 
> (0x0400): Building response for result [-1765328360]
> (Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [main] (0x0400): 
> ldap_child completed successfully
> 
> Ian
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
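Added example, not part of the original message or of SSSD: a small triage script that groups ldap_child.log lines by child PID and decodes the numeric result (such as the -1765328360 quoted above) into its Kerberos error name. The sample log is constructed, the principal `HOST$@EXAMPLE.COM` is a placeholder, and the hint strings are this example's own wording.

```python
import re
from collections import defaultdict

# MIT krb5 error-table base: library code = base + RFC 4120 protocol error number.
KRB5_BASE = -1765328384
# Subset of RFC 4120 error numbers that commonly matter for machine-account logins.
KDC_ERRORS = {
    6: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "principal not known to the KDC"),
    18: ("KDC_ERR_CLIENT_REVOKED", "account disabled or locked"),
    23: ("KDC_ERR_KEY_EXPIRED", "account password expired"),
    24: ("KDC_ERR_PREAUTH_FAILED", "keytab keys do not match the account; re-join or regenerate the keytab"),
    37: ("KRB_AP_ERR_SKEW", "clock skew between client and KDC"),
}
LINE = re.compile(r"\((?P<ts>[^)]+)\) \[\[sssd\[ldap_child\[(?P<pid>\d+)\]\]\]\] "
                  r"\[(?P<func>\w+)\] \((?P<lvl>0x[0-9a-f]+)\): (?P<msg>.*)")
FIELDS = {
    "principal": re.compile(r"Principal name is: \[(.+)\]"),
    "keytab": re.compile(r"Using keytab \[(.+)\]"),
    "result": re.compile(r"Building response for result \[(-?\d+)\]"),
}

def triage(log_text):
    """Return {pid: {principal, keytab, result, error, hint}} for each ldap_child."""
    children = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ldap_child debug line
        for key, rx in FIELDS.items():
            hit = rx.search(m["msg"])
            if hit:
                children[int(m["pid"])][key] = hit.group(1)
    for info in children.values():
        if "result" not in info:
            continue
        rc = int(info["result"])
        unknown = (f"krb5 code {rc - KRB5_BASE}", "not in this example's table")
        info["error"], info["hint"] = ("OK", "") if rc == 0 else KDC_ERRORS.get(rc - KRB5_BASE, unknown)
    return dict(children)

# Constructed sample (unwrapped lines, placeholder principal); two children interleave.
SAMPLE = """\
(Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [ldap_child_get_tgt_sync] (0x0100): Principal name is: [HOST$@EXAMPLE.COM]
(Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [ldap_child_get_tgt_sync] (0x0100): Using keytab [MEMORY:/etc/krb5.keytab]
(Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13904]]]] [prepare_response] (0x0400): Building response for result [-1765328360]
(Tue Feb  5 14:00:15 2019) [[sssd[ldap_child[13905]]]] [prepare_response] (0x0400): Building response for result [-1765328360]
"""

if __name__ == "__main__":
    for pid, info in sorted(triage(SAMPLE).items()):
        print(pid, info)
```

Grouping by PID matters because several ldap_child processes write to the same log at once, as the 13904 and 13905 lines in the quoted output show.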