[Freeipa-users] gssapi ssh works, pam user/password does not work

Natxo Asenjo natxo.asenjo at gmail.com
Thu Nov 5 09:30:10 UTC 2015 

hi Sumit,

On Thu, Nov 5, 2015 at 10:14 AM, Sumit Bose <sbose at redhat.com> wrote:

> > how can I troubleshoot this issue?
>
> You should check the SSSD debug logs, see
> https://fedorahosted.org/sssd/wiki/Troubleshooting for details about how
> to enable debug logging and where to find the logs.
>
> My guess is that SSSD has issues reaching a server so the domain log and
> the krb5_child log would be the files I'd check first.
>
> If the logs don't help you feel free to send them directly to me, if
> possible with debug level 10.
>
> HTH
>
> bye,
> Sumit
>


I see this in krb5_child.log:

Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [main] (0x0400):
krb5_child started.
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [unpack_buffer]
(0x1000): total buffer size: [175]
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [unpack_buffer]
(0x0100): cmd [241] uid [1063000036] gid [1063000036] validate [true]
enterprise principal [false] offline [false] UPN [
capitar.admin at UNIX.IRISZORG.NL]
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [unpack_buffer]
(0x0100): ccname: [FILE:/tmp/krb5cc_1063000036_XXXXXX] old_ccname:
[FILE:/tmp/krb5cc_1063000036_DKHexY] keytab: [/etc/krb5.keytab]
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [old_ccache_valid]
(0x0400): Saved ccache FILE:/tmp/krb5cc_1063000036_DKHexY doesn't exist,
ignoring
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]]
[k5c_check_old_ccache] (0x4000): Ccache_file is
[FILE:/tmp/krb5cc_1063000036_DKHexY] and is not active and TGT is not valid.
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]]
[k5c_precreate_ccache] (0x4000): Recreating ccache
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [check_parent_stat]
(0x0020): Private directory can only be created below a directory belonging
to root or to [1063000036].
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [create_ccache_dir]
(0x0010): Check the ownership and permissions of krb5_ccachedir: [/tmp].
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]]
[k5c_precreate_ccache] (0x0040): ccache creation failed.
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [k5c_ccache_setup]
(0x0040): Cannot precreate ccache
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]]
[privileged_krb5_setup] (0x0020): k5c_ccache_setup failed.
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [main] (0x0020):
privileged_krb5_setup failed.
(Thu Nov  5 10:23:50 2015) [[sssd[krb5_child[13083]]]] [main] (0x0020):
krb5_child failed!



--
Groeten,
na
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151105/039894d2/attachment.htm>

More information about the Freeipa-users mailing list