[Freeipa-users] Troubleshooting SSO
Gould, Joshua
Joshua.Gould at osumc.edu
Tue Mar 31 14:02:37 UTC 2015
Klist in Windows showed one ticket for the IPA domain.
#0> Client: adm-faru03 @ test.osuwmc
Server: krbtgt/UNIX.TEST.OSUWMC @ TEST.OSUWMC
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40a40000 -> forward able renewable pre_authent
ok_as_delegate
Start Time: 3/31/2015: 9:29:25 (local)
End Time: 3/31/2015: 15:28:22 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
IPA and SSSD are:
ipa-server.x86_64
4.1.0-18.el7_1.3
sssd.x86_64
1.12.2-58.el7_1.6.1
Kinit adm-faru03 at TEST.OSUWMC was telling. Once it reported ³kinit: KDC
reply did not match expectations while getting initial credentials². We
waited a minute or two (were discussing results) and tried again just
adding the -V flag and it worked.
Kvno host/mid-ipa-vp01.unix.test.osuwmc at UNIX.TEST.OSUWMC = 2
Verbose logging in putty gave the following error:
On 3/31/15, 3:30 AM, "Sumit Bose" <sbose at redhat.com> wrote:
>
>Can you do the follwoing checks:
>
>Can you check by calling klist in a Windows Command window if you got
>
>
>a proper host/... ticket for the IPA host?
>
>
>
>
>
>What version of IPA and SSSD are you using.
>
>
>
>
>
>Can you check if the following works on a IPA host:
>
>
>
>
>
>kinit adm-faru03 at TEST.OSUWMC
>
>
>kvno host/name.of.the.ipa-client.to.login at IPA.REALM
>
>
>ssh -v -l adm-faru03 at test.osuwmc name.of.the.ipa-client.to.login
>
>
More information about the Freeipa-users
mailing list