[Freeipa-users] ipa_get_*_acct request failed: [22]: Invalid argument on IPA client when looking up AD users

Tue Aug 9 13:16:04 UTC 2016

On Tue, Aug 09, 2016 at 03:13:25PM +0200, Troels Hansen wrote:
> At least for some users....
> 
> One user failing:
> 
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [unpack_buffer] (0x0100): cmd [249] uid [1349930179] gid
>  [1349930179] validate [true] enterprise principal [false] offline [true] UPN [hlau at NET.DR.DK]
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
> 9][1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Trying to become user [134993017
> 9][1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [become_user] (0x0200): Already user [1349930179].
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
> RENEWABLE_LIFETIME] from environment.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_
> LIFETIME] from environment.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [sss_krb5_prompter] (0x0020): Cannot handle password pro
> mpts.
> (Tue Aug  9 14:41:37 2016) [[sssd[krb5_child[1360]]]] [k5c_send_data] (0x0200): Received error code 0
> 
> 
> Me logging in works....
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): cmd [241] uid [1349938498] gid [1349938498] validate [true] enterprise principal [false] offline [false] UPN [DREXTRHA at NET.DR.DK]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [unpack_buffer] (0x0100): ccname: [KEYRING:persistent:1349938498] old_ccname: [KEYRING:persistent:1349938498] keytab: [/etc/krb5.keytab]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [1349938498][1349938498].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [switch_creds] (0x0200): Switch user to [0][0].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [k5c_setup_fast] (0x0100): SSSD_KRB5_FAST_PRINCIPAL is set to [host/rhel02udv.linux.dr.dk at LINUX.DR.DK]
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [check_fast_ccache] (0x0200): FAST TGT is still valid.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [become_user] (0x0200): Trying to become user [1349938498][1349938498].
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_RENEWABLE_LIFETIME] from environment.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_lifetime_options] (0x0100): Cannot read [SSSD_KRB5_LIFETIME] from environment.
> (Tue Aug  9 14:58:21 2016) [[sssd[krb5_child[1497]]]] [set_canonicalize_option] (0x0100): SSSD_KRB5_CANONICALIZE is set to [true]
> 
> 
> What does "Cannot handle password prompts" mean? the only thing I can find is some sssd krb5 commits looking to be related to password change?

I'm not sure this is related, can you paste more context?