sssd experts, We have a “nuisance-level” problem with RHEL8 physical builds after AD-integrating via sssd. How do I stop certain annoying messages in /var/log/messages?
This RHEL8 physical build properly creates an /etc/krb5.keytab file with the expected host entries. Here’s the snippet from kutil: [root@austgcore25 log]# cd /etc [root@austgcore25 etc]# ktutil ktutil: read_kt /etc/krb5.keytab ktutil: list -t -e -k slot KVNO Timestamp Principal ---- ---- ----------------- --------------------------------------------------- … 6 16 07/03/2019 21:31 host/[email protected] (des-cbc-crc) (0xbf3d37462967e65e) 7 16 07/03/2019 21:31 host/[email protected] (des-cbc-md5) (0xbf3d37462967e65e) 8 16 07/03/2019 21:31 host/[email protected] (arcfour-hmac) (0xa21feefac524db9e82f3e38e73551c28) 9 16 07/03/2019 21:31 host/[email protected] (aes128-cts-hmac-sha1-96) (0x196ff6a33ef6284bb432f97cf36e737c) 10 16 07/03/2019 21:31 host/[email protected] (aes256-cts-hmac-sha1-96) (0xadd866228352701a94f5cd40d76ed886a7fe084b2f7a90981b16d19f14962e3b) … The AD integration seems to work fine. I can log in with my AD account no problem. Even after reboots. (cross domain authentication temporarily not working on this build, likely unrelated.) However, we continue to get the complaints in /var/log/messages: Jul 8 11:38:25 austgcore25 [sssd[ldap_child[1816]]][1816]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/ [email protected]' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. Jul 8 11:38:26 austgcore25 [sssd[ldap_child[1817]]][1817]: Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client 'host/ [email protected]' not found in Kerberos database. Unable to create GSSAPI-encrypted LDAP connection. I notice it’s attempting to use MEMORY:/etc/krb5.keytab. How do I stop this annoying messages in /var/log/messages? We have multiple AD domains defined in our sssd.conf file for this cross-domain auth. (Usually, cross-domain auth works fine for us.) Spike
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
