[Freeipa-users] SSSD to IPA connection?

Jakub Hrozek jhrozek at redhat.com
Mon Jan 4 17:11:04 UTC 2016 

On Mon, Jan 04, 2016 at 08:30:08AM -0800, Janelle wrote:
> Happy New Year everyone!
> 
> I came across a couple of my servers having some strange connection problems
> and was wondering if anyone else has seen this or know what might cause it?
> This is IPA 4.1.4 and client on RHEL 7.1. When you look at the status, for
> some reason, SSSD has lost contact with the servers, and a restart is
> required. What I don't understand is what this "Preauth" failure is?
> 
> Ideas?
> ~Janelle
> 
> Redirecting to /bin/systemctl status  sssd.service
> sssd.service - System Security Services Daemon
>    Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled)
>   Drop-In: /etc/systemd/system/sssd.service.d
>            └─journal.conf
>    Active: active (running) since Sat 2015-12-12 07:41:55 EST; 2 weeks 4
> days ago
>   Process: 24482 ExecStart=/usr/sbin/sssd -D -f (code=exited,
> status=0/SUCCESS)
>  Main PID: 24483 (sssd)
>    CGroup: /system.slice/sssd.service
>            ├─24483 /usr/sbin/sssd -D -f
>            ├─24484 /usr/libexec/sssd/sssd_be --domain example.com --uid 0
> --gid 0 --debug-to-files
>            ├─24485 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0
> --debug-to-files
>            ├─24486 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0
> --debug-to-files
>            ├─24487 /usr/libexec/sssd/sssd_ssh --uid 0 --gid 0
> --debug-to-files
>            └─24488 /usr/libexec/sssd/sssd_pac --uid 0 --gid 0
> --debug-to-files
> 
> Jan 01 07:55:24 client.example.com [sssd[krb5_child[10456]]][10456]:
> Preauthentication failed
> Jan 01 07:56:07 client.example.com [sssd[krb5_child[10464]]][10464]:
> Preauthentication failed
> Jan 01 07:57:16 client.example.com [sssd[krb5_child[10471]]][10471]:
> Preauthentication failed

Preauthentication failed means more or less wrong password, but since
the message is from krb5_child, I guess it's during user login.

What exactly is not working?

> Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1
> Jan 01 08:10:48 client.example.com sssd_be[12345]: GSSAPI client step 1
> Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 1
> Jan 01 08:10:49 client.example.com sssd_be[12345]: GSSAPI client step 2
> Jan 01 08:20:10 client.example.com [sssd[krb5_child[10538]]][10538]:
> Preauthentication failed
> Jan 01 08:20:29 client.example.com [sssd[krb5_child[10541]]][10541]:
> Preauthentication failed
> Jan 01 08:20:48 client.example.com [sssd[krb5_child[10596]]][10596]:
> Preauthentication failed
> 
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project

More information about the Freeipa-users mailing list