On Thu, Jun 27, 2019 at 05:01:27PM +0000, Thomas Beaudry wrote: > Hi Jakub, > > So i tired > > >> Does it help to increase the dns_resolver_timeout from its default of 6 > seconds? Please see the note in man sssd-ad, there are several timeouts > that might need to be increased in unison, can you try e.g.: > ldap_opt_timeout = 20 > dns_resolver_timeout = 10 > > but it didn't fix the problem. Here is my domain log with the same > timesteamp as my id <user> command: https://pastebin.com/raw/swicNUPe > > thanks, > Thomas
OK, but now the error is different, right? At least in the domain log I see: (Thu Jun 27 12:56:09 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_get_tgt_recv] (0x0400): Child responded: 14 [Client not found in Kerberos database], expired on [0] btw I find it odd that the logs seemingly uses the host/hostname principal: (Thu Jun 27 12:56:03 2019) [sssd[be[MYDOMAIN.ca]]] [sdap_kinit_send] (0x0400): Attempting kinit (default, host/perform-capstone, MYDOMAIN.ca, 86400) did you specify ldap_sasl_authid yourself or did sssd pick this principal? If sssd did pick this principal, can I see the whole log? _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
