On Fri, Jan 15, 2021 at 01:45:33PM +0100, mbalembo wrote: > Hello, > > > I have trouble obtaining a kerberos ticket when loggin with sssd. > > in /var/log/sssd/krb5_child.log i get the line : > [[sssd[krb5_child[9521]]]] [unpack_buffer] (0x0100): cmd [241] uid [10007] > gid [10000] validate [false] enterprise principal [true] offline [false] UPN > [USER@MYDOMAIN] > > My problem is i need to restart the service to switch this to "offline > [false]". > > (Note that authentication works otherwise, it's just the kerberos ticket > that is missing). > > Maybe I missed an option to set the update rate ?
Hi, you should check in the domain log sssd_your.domain.name.log why SSSD switched into offline mode. It might be an error while connecting to a LDAP server or hitting some timeouts during authentication or other reasons. In offline mode SSSD uses a cached password has from the last successful online authentication to authenticate the user. That explains why authentication works but you do not have a Kerberos ticket, which can only be requested when online. HTH bye, Sumit > > > Thanks, > Marc > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
