[Freeipa-users] IPA not authenticating - SSSD issue maybe
Jakub Hrozek
jhrozek at redhat.com
Mon Apr 15 23:19:52 UTC 2013
On Mon, Apr 15, 2013 at 02:29:18PM -0400, Rob Crittenden wrote:
> There are some odd errors in ldap_child.log but it seems to cover a
> later period than the other logs (not being able to bind using its
> keytab is a bad thing).
>
> I think what you'll want to do, and this may be relatively tough, is
> try to correlate these failures with the 389-ds access log and the
> KDC logs to see if there are equivalent failures at around the same
> times.
I agree, the ldap_child failing usually indicates an issue with the
keytab and/or the KDC. The ldap_child functionality is roughly equivalent to
"kinit -k".
More information about the Freeipa-users
mailing list